CVE-2025-64344 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-64344 Interim 1 2 2026-03-05T00:27:05Z current 2025-12-23T00:15:40Z 2026-03-05T00:27:05Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-64344 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed libsuricata8_0_3-8.0.3-1.1 suricata-8.0.3-1.1 suricata-devel-8.0.3-1.1 libsuricata8_0_3-8.0.3-1.1 as a component of openSUSE Tumbleweed suricata-8.0.3-1.1 as a component of openSUSE Tumbleweed suricata-devel-8.0.3-1.1 as a component of openSUSE Tumbleweed Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size. CVE-2025-64344 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 important