Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-64333

Опубликовано: 26 нояб. 2025
Источник: debian
EPSS Низкий

Описание

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves limiting stream.reassembly.depth to less then half the stack size. Increasing the process stack size makes it less likely the bug will trigger.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
suricatafixed1:8.0.2-1package
suricatafixed1:7.0.10-1+deb13u2trixiepackage
suricatano-dsabookwormpackage

Примечания

  • https://github.com/OISF/suricata/security/advisories/GHSA-537h-xxmx-v87m

  • https://redmine.openinfosecfoundation.org/issues/8056 (private)

  • Fixed by: https://github.com/OISF/suricata/commit/efe7aeb145e7dd1f14db3deff9c0d9900b34ecba (suricata-8.0.2)

  • Fixed by: https://github.com/OISF/suricata/commit/4b1d284bb57219b6677a8bda5cdc14a24a6aa22d (suricata-7.0.13)

EPSS

Процентиль: 24%
0.0008
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-64333

CVSS3: 7.5
ubuntu
2 месяца назад

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves limiting stream.reassembly.depth to less then half the stack size. Increasing the process stack size makes it less likely the bug will trigger.

nvd логотип

CVE-2025-64333

CVSS3: 7.5
nvd
2 месяца назад

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves limiting stream.reassembly.depth to less then half the stack size. Increasing the process stack size makes it less likely the bug will trigger.

fstec логотип

BDU:2025-15195

CVSS3: 7.5
fstec
3 месяца назад

Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 24%
0.0008
Низкий