CNNVD-202507-2834 Information
CNNVD ID
CNNVD-202507-2834
Related CVE
-
CNNVD Published: 2025-07-22
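Description (translated from Chinese)
Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. Suricata 7.0.10 and earlier, and versions 8.0.0-beta1 through 8.0.0-rc1, contain a security vulnerability that stems from improper handling of HTTP2 stream 0 data and may lead to uncontrolled memory use.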
Description (English)
Suricata is a network IDS, IPS and NSM engine of the Open Information Security Foundation. Suricata 7.0.10 and earlier versions, and versions 8.0.0-beta1 to 8.0.0-rc1, contain a vulnerability that stems from improper processing of HTTP2 stream 0 data, which could lead to uncontrolled memory use.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Open Information Security
Published
2025-07-22
Last Modified
2026-02-24
References
https://github.com/OISF/suricata/commit/1d6d331752e933c46aca0ae7a9679b27462246e3
https://github.com/OISF/suricata/commit/7fa88ea9e7d05e07a7864050cfd836b576669720
https://github.com/OISF/suricata/security/advisories/GHSA-qrr7-crgj-cmh3
https://vigilance.fr/vulnerability/Suricata-memory-leak-via-HTTP2-Stream-0-48044
https://nvd.nist.gov/vuln/detail/CVE-2025-53538
https://access.redhat.com/security/cve/cve-2025-53538