PT-2025-48203 · Open Information Security Foundation+2 · Suricata+2
Published: 2025-11-07 · Updated: 2026-01-22
CVE-2025-64330
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Suricata versions prior to 7.0.13
Suricata versions prior to 8.0.2
Description
Suricata is a network IDS, IPS and NSM engine. In versions prior to 7.0.13 and 8.0.2, a heap overflow can occur when logging verdict information in eve.alert and eve.drop records. Triggering it requires the per-packet alert queue to be filled with alerts followed by a pass rule, and it can potentially lead to crashes. The issue is related to a single byte read during logging. Increasing the alert queue size (packet-alert-max in suricata.yaml) can reduce the likelihood of this issue occurring.
Recommendations
Update to Suricata version 7.0.13 or later.
Update to Suricata version 8.0.2 or later.
Increase the alert queue size (packet-alert-max) in the suricata.yaml configuration file.
Exploit
Fix
Buffer Overflow
Memory Corruption
Heap Based Buffer Overflow
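A triage check for the recommendations above, added here as an example and not taken from the advisory or the Suricata project: it compares a sensor's reported version against the fixed releases and reads packet-alert-max from suricata.yaml. The function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Fixed releases as stated in the advisory above.
FIXED_7X = (7, 0, 13)
FIXED_8X = (8, 0, 2)

def parse_version(text):
    """Extract (major, minor, patch) from `suricata -V` output or a bare version string.
    Pre-release suffixes such as -rc1 are ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(version_text):
    """True when the version predates the fix on its release line.

    Caveat: a distribution package may carry a backported fix under an older
    upstream version string; this comparison cannot see that.
    """
    v = parse_version(version_text)
    fixed = FIXED_8X if v[0] >= 8 else FIXED_7X
    return v < fixed

def packet_alert_max(yaml_text):
    """Return the configured packet-alert-max, or None when the key is unset
    or commented out (Suricata then uses its built-in default)."""
    m = re.search(r"^[ \t]*packet-alert-max:[ \t]*(\d+)", yaml_text, re.MULTILINE)
    return int(m.group(1)) if m else None

def triage(version_text, yaml_text):
    """Summarise exposure for one sensor. A larger queue only reduces the
    likelihood of the condition; upgrading is the fix."""
    return {"affected": is_affected(version_text),
            "packet_alert_max": packet_alert_max(yaml_text)}

# Constructed sample inputs, not captured from a real sensor.
SAMPLE_VERSION = "This is Suricata version 7.0.12 RELEASE"
SAMPLE_YAML = """%YAML 1.1
---
# packet-alert-max: 15
default-log-dir: /var/log/suricata/
"""

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_YAML))
```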
Related Identifiers
Affected Products
Alt Linux
Debian
Suricata