Heap-based Buffer Overflow Affecting suricata package, versions [,7.0.13)[8.0.0,8.0.2)

Q: How to fix?

Upgrade suricata to version 7.0.13, 8.0.2 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-UNMANAGED-SURICATA-14135984
published27 Nov 2025
disclosed27 Nov 2025
creditJules Lumbergh

Report a new vulnerability Found a mistake?

Introduced: 27 Nov 2025

NewCVE-2025-64330 (opens in a new tab) CWE-122 (opens in a new tab)

How to fix?

Upgrade suricata to version 7.0.13, 8.0.2 or higher.

Overview

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the verdict when logging eve.alert and eve.drop records. An attacker can cause a crash by filling the per packet alert queue with alerts and then triggering a pass rule.

Note: This is only exploitable if the per packet alert queue is filled with alerts and a pass rule is subsequently applied.

Workaround

This vulnerability can be mitigated by increasing the alert queue size (packet-alert-max) in the configuration if verdict is enabled.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None