Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-64344

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published

2025-11-26T23:15:49.080

Last Modified

2025-12-03T16:06:06.107

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oisf	suricata	< 7.0.13	Yes
Application	oisf	suricata	< 8.0.2	Yes

References

https://github.com/OISF/suricata/commit/e13fe6a90dba210a478148c4084f6f5db17c5b5a Patch ([email protected])
https://github.com/OISF/suricata/security/advisories/GHSA-93fh-cgmc-w3rx Issue Tracking, Third Party Advisory ([email protected])