CVE-2025-64334

EPSS 0.06%
Veröffentlicht 26.11.2025 22:39:15
Zuletzt bearbeitet 05.12.2025 19:51:28
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Suricata is vulnerable to unbounded memory growth for decompression

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2. A workaround involves disabling LZMA decompression or limiting response-body-limit size.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oisf ≫ Suricata Version >= 8.0.0 < 8.0.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.175

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/OISF/suricata/security/advisories/GHSA-r5jf-v2gx-gx8w

Third Party Advisory

https://github.com/OISF/suricata/commit/00f04daa3a44928dfdd0003cb9735469272c94a1

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-64334

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64334

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64334

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64334