PT-2025-29086 · Open Information Security Foundation · Suricata
Jasonish · Published 2025-07-10 · Updated 2025-11-07
CVE-2025-53538
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Suricata versions 7.0.10 and below
Suricata versions 8.0.0-beta1 through 8.0.0-rc1
Description
Suricata, a network IDS, IPS, and NSM engine, is affected by an issue where mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, potentially resulting in loss of visibility.
Recommendations
Suricata versions prior to 7.0.11: Disable the HTTP/2 parser.
Suricata versions prior to 7.0.11: Utilize a signature like
drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid:1;)
to mitigate the issue.
Suricata versions prior to 8.0.0: Disable the HTTP/2 parser.
Suricata versions prior to 8.0.0: Utilize a signature like
drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid:1;)
to mitigate the issue.
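To make the mitigation signature's byte offsets concrete, the following added example (written for this page, not code from Suricata or from the advisory) walks a buffer of HTTP/2 frames and applies the same two checks the rule's byte_test keywords express on the 9-byte frame header: the type byte at offset 3 must be 0 (a DATA frame) and the 4 bytes at offset 5 must be 0 (reserved bit clear, stream identifier 0). The frame builder and the sample buffer are constructed here for illustration; the function names are this example's own.

```python
"""Model of what the advisory's drop rule matches on the HTTP/2 frame header.

Added example, not part of the PT-2025-29086 advisory or of Suricata.
Frame header layout per RFC 7540 section 4.1:
  bytes 0-2  24-bit payload length
  byte  3    frame type (0 = DATA)
  byte  4    flags
  bytes 5-8  reserved bit + 31-bit stream identifier
"""
import struct
from typing import List, Tuple

FRAME_HEADER_LEN = 9
TYPE_DATA = 0
TYPE_SETTINGS = 4


def build_frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """Constructed helper: serialise one HTTP/2 frame (header + payload)."""
    length_field = struct.pack("!I", len(payload))[1:]  # low 24 bits only
    return length_field + bytes([ftype, flags]) + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def parse_frame_headers(data: bytes) -> List[Tuple[int, int, int, int]]:
    """Return (length, type, flags, stream_id) for each complete frame in the buffer."""
    frames = []
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        hdr = data[off:off + FRAME_HEADER_LEN]
        length = int.from_bytes(hdr[0:3], "big")
        ftype = hdr[3]
        flags = hdr[4]
        stream_id = int.from_bytes(hdr[5:9], "big") & 0x7FFFFFFF
        frames.append((length, ftype, flags, stream_id))
        off += FRAME_HEADER_LEN + length
    return frames


def rule_matches(hdr: bytes) -> bool:
    """Mirror of the signature's tests on the raw header bytes.

    byte_test:1,=,0,3 -> the single byte at offset 3 equals 0 (DATA frame)
    byte_test:4,=,0,5 -> the 4 bytes at offset 5 equal 0 (stream id 0)
    """
    if len(hdr) < FRAME_HEADER_LEN:
        return False
    return hdr[3] == TYPE_DATA and int.from_bytes(hdr[5:9], "big") == 0


def matching_frames(data: bytes) -> List[int]:
    """Indexes of frames in the buffer that the drop rule would act on."""
    hits = []
    off = 0
    idx = 0
    while off + FRAME_HEADER_LEN <= len(data):
        hdr = data[off:off + FRAME_HEADER_LEN]
        if rule_matches(hdr):
            hits.append(idx)
        off += FRAME_HEADER_LEN + int.from_bytes(hdr[0:3], "big")
        idx += 1
    return hits


# Constructed sample: a normal SETTINGS frame on stream 0 (legitimate, not a DATA
# frame), a DATA frame on stream 1 (legitimate), and a DATA frame on stream 0
# (the condition the signature targets).
SAMPLE_STREAM = (
    build_frame(TYPE_SETTINGS, 0, 0, b"")
    + build_frame(TYPE_DATA, 0, 1, b"hi")
    + build_frame(TYPE_DATA, 0, 0, b"x")
)

if __name__ == "__main__":
    for i, (length, ftype, flags, sid) in enumerate(parse_frame_headers(SAMPLE_STREAM)):
        print(f"frame {i}: type={ftype} flags={flags} stream={sid} len={length}")
    print("rule would drop frame indexes:", matching_frames(SAMPLE_STREAM))
```

Only the third frame is flagged: SETTINGS on stream 0 is normal HTTP/2 connection housekeeping and a DATA frame on a real stream is ordinary traffic, so the rule narrows precisely to DATA on the connection-level stream 0, which a compliant peer never sends.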
Resource Exhaustion
Allocation of Resources Without Limits
Affected Products
Alt Linux
Debian
Suricata