CVE-2025-64344

EPSS 0.05%
Veröffentlicht 26.11.2025 23:05:33
Zuletzt bearbeitet 03.12.2025 16:06:06
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oisf ≫ Suricata Version < 7.0.13

Oisf ≫ Suricata Version >= 8.0.0 < 8.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/OISF/suricata/security/advisories/GHSA-93fh-cgmc-w3rx

Third Party Advisory

Issue Tracking

https://github.com/OISF/suricata/commit/e13fe6a90dba210a478148c4084f6f5db17c5b5a

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-64344

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64344

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64344

EUVD