Home > Vulnerability Database > CVE-2025-64344

Mend.io Vulnerability Database

CVE-2025-64344

Good to know:

Date: November 26, 2025

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Severity Score

7.5

Related Resources (4)

Url: https://github.com/OISF/suricata/commit/e13fe6a90dba210a478148c4084f6f5db17c5b5a

Url: https://github.com/OISF/suricata/security/advisories/GHSA-93fh-cgmc-w3rx

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64344

Url: https://www.mend.io/vulnerability-database/CVE-2025-64344

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Stack-based Buffer Overflow

CWE-121

Top Fix

Upgrade Version

Upgrade to version https://github.com/OISF/suricata.git - suricata-7.0.13;https://github.com/OISF/suricata.git - suricata-8.0.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64344

Good to know:

Date: November 26, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?