CVE-2025-29917: Suricata decode_base64: signature can do large memory allocation

6.2 CVSS

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread. This vulnerability is fixed in 7.0.9.

Classification

CVE ID: CVE-2025-29917

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.2

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types

CWE-770: Allocation of Resources Without Limits or Throttling

Affected Products

Vendor: OISF

Product: suricata

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.06% (scored less or equal to compared to others)

EPSS Date: 2025-04-20 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-29917
https://github.com/OISF/suricata/security/advisories/GHSA-x8c9-8553-j9px
https://github.com/OISF/suricata/commit/32d0bd2bbb4d486623dec85a94952fde2515f2f0
https://redmine.openinfosecfoundation.org/issues/7613

Timeline

2025-04-10 22:40:19 UTC
CVE

Suricata decode_base64: signature can do large memory allocation