Stack-based Buffer Overflow Affecting suricata package, versions <1:8.0.2-1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-DEBIANUNSTABLE-SURICATA-14139377
- published28 Nov 2025
- disclosed26 Nov 2025
Introduced: 26 Nov 2025
NewCVE-2025-64333 (opens in a new tab)How to fix?
Upgrade Debian:unstable suricata to version 1:8.0.2-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream suricata package and not the suricata package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves limiting stream.reassembly.depth to less then half the stack size. Increasing the process stack size makes it less likely the bug will trigger.