← Back

CVE-2025-53537

nvd nist
Published: Jul 23, 2025Modified: Aug 5, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: security-advisories@github.com (Secondary)

Description

LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set `suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false. This issue is fixed in version 0.5.51.

Affected (1)

Products: Oisf: Libhtp
Oisf
1 product
Libhtp
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libhtp
Before 0.5.51

Related CWEs

CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
MitigationVendor Advisory

Timeline

No history available yet.