Stack-based buffer overflow in Suricata - CVE-2025-64331
Published: November 27, 2025
Vulnerability identifier: #VU118809
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-64331
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Open Information Security Foundation
Affected software:
Suricata
Suricata
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error on large HTTP file transfers. A remote attacker can trigger a stack-based buffer overflow and perform a denial of service attack.
Successful exploitation of this vulnerability requires that the HTTP response body limit has been increased and that logging of printable HTTP bodies was enabled.
How to mitigate CVE-2025-64331
Install updates from vendor's website.