{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64334", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-10-30T17:40:52.029Z", "datePublished": "2025-11-26T22:39:15.552Z", "dateUpdated": "2025-11-28T17:05:47.134Z"}, "containers": {"cna": {"title": "Suricata is vulnerable to unbounded memory growth for decompression", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-r5jf-v2gx-gx8w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-r5jf-v2gx-gx8w"}, {"name": "https://github.com/OISF/suricata/commit/00f04daa3a44928dfdd0003cb9735469272c94a1", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/00f04daa3a44928dfdd0003cb9735469272c94a1"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": ">= 8.0.0, < 8.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-26T22:39:15.552Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2. A workaround involves disabling LZMA decompression or limiting response-body-limit size."}], "source": {"advisory": "GHSA-r5jf-v2gx-gx8w", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-28T17:04:40.959387Z", "id": "CVE-2025-64334", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-28T17:05:47.134Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64334", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-28T17:04:40.959387Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-28T17:04:55.524Z"}}], "cna": {"title": "Suricata is vulnerable to unbounded memory growth for decompression", "source": {"advisory": "GHSA-r5jf-v2gx-gx8w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"status": "affected", "version": ">= 8.0.0, < 8.0.2"}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-r5jf-v2gx-gx8w", "name": "https://github.com/OISF/suricata/security/advisories/GHSA-r5jf-v2gx-gx8w", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OISF/suricata/commit/00f04daa3a44928dfdd0003cb9735469272c94a1", "name": "https://github.com/OISF/suricata/commit/00f04daa3a44928dfdd0003cb9735469272c94a1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2. A workaround involves disabling LZMA decompression or limiting response-body-limit size."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-26T22:39:15.552Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64334", "state": "PUBLISHED", "dateUpdated": "2025-11-28T17:05:47.134Z", "dateReserved": "2025-10-30T17:40:52.029Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-11-26T22:39:15.552Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "C93A731C-19AD-4067-B28C-17164C2D981D", "versionEndExcluding": "8.0.2", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2. A workaround involves disabling LZMA decompression or limiting response-body-limit size."}], "id": "CVE-2025-64334", "lastModified": "2025-12-05T19:51:28.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-11-26T23:15:48.750", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OISF/suricata/commit/00f04daa3a44928dfdd0003cb9735469272c94a1"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-r5jf-v2gx-gx8w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Suricata: Suricata: Unbounded memory growth via compressed HTTP data", "id": "2417387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417387"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Suricata. This vulnerability allows unbounded memory growth during decompression via compressed HTTP data."], "name": "CVE-2025-64334", "public_date": "2025-11-26T22:39:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-64334\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-64334\nhttps://github.com/OISF/suricata/commit/00f04daa3a44928dfdd0003cb9735469272c94a1\nhttps://github.com/OISF/suricata/security/advisories/GHSA-r5jf-v2gx-gx8w"], "statement": "The highest threat is to system availability due to unbounded memory growth when processing compressed HTTP data. This issue affects Suricata when configured to inspect HTTP traffic that includes compressed content.", "threat_severity": "Important"}