  • Cybersecurity Vulnerabilities

    CVE-2025-66030: Node-Forge Integer Overflow Leads to Potential Security Bypass

    Published: 2025-11-26T23:15:49.237

    Overview: This article details a critical security vulnerability, CVE-2025-66030, affecting Node-Forge, a native JavaScript implementation of Transport Layer Security (TLS). This vulnerability stems from an integer overflow in the ASN.1 (Abstract Syntax Notation One) structure processing, potentially allowing attackers to bypass security measures that rely on OID (Object Identifier) validation.

    Technical Details: Node-Forge versions 1.3.1 and below contain an integer overflow vulnerability in the handling of ASN.1 structures. An unauthenticated, remote attacker can craft a malicious ASN.1 structure that includes OIDs with oversized arcs. These arcs, when processed, are subject to 32-bit bitwise truncation. This truncation can result…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in Suricata: CVE-2025-64344 Stack Overflow Threat

    Overview: CVE-2025-64344 is a high-severity vulnerability affecting Suricata, a powerful network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. This vulnerability, discovered in versions prior to 7.0.13 and 8.0.2, can lead to a stack overflow when processing large buffers within Lua scripts. This blog post details the vulnerability, its impact, and provides guidance on mitigation and patching.

    Technical Details: The vulnerability stems from how Suricata handles large buffers passed to Lua scripts. Specifically, when Lua rules or output scripts are used and a large buffer is processed, the potential exists for a stack overflow.…

  • Cybersecurity Vulnerabilities

    CVE-2025-64335: Critical NULL Dereference Vulnerability in Suricata Network IDS/IPS

    Overview: CVE-2025-64335 is a high-severity vulnerability affecting Suricata, a popular open-source network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. This vulnerability, discovered in versions 8.0.0 up to and including 8.0.1, can lead to a NULL dereference, potentially causing a denial-of-service (DoS) condition. The vulnerability occurs when the entropy keyword is used in conjunction with base64_data in Suricata rules.

    Technical Details: The root cause of CVE-2025-64335 lies in the way Suricata handles the combination of the entropy keyword and the base64_data option within its rule engine. Specifically, under certain conditions, the program attempts to…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability Alert: Suricata CVE-2025-64334 – Unbounded Memory Growth During HTTP Decompression

    Overview: CVE-2025-64334 is a high-severity vulnerability affecting Suricata, a popular network IDS, IPS, and NSM engine. This vulnerability, identified in versions 8.0.0 to before 8.0.2, stems from improper handling of compressed HTTP data, which can lead to unbounded memory growth during decompression. An attacker could potentially exploit this flaw to cause a denial-of-service (DoS) condition by exhausting the system’s memory resources. A patch is available in version 8.0.2.

    Technical Details: The vulnerability resides in the HTTP decompression functionality of Suricata. When processing compressed HTTP data (specifically when using LZMA compression), the software fails to properly manage memory allocation. This can…

  • Cybersecurity Vulnerabilities

    Critical Stack Overflow Vulnerability in Suricata: CVE-2025-64333 Demands Immediate Attention

    Overview: A high-severity vulnerability, identified as CVE-2025-64333, has been discovered in Suricata, a widely used network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring (NSM) engine. This vulnerability, if exploited, can lead to a stack overflow and cause Suricata to crash, potentially disrupting network security operations. The issue stems from the processing of excessively large HTTP content types during logging. Patches are available to address this vulnerability.

    Technical Details: The vulnerability resides in how Suricata handles large HTTP content types when logging network traffic. Specifically, an overly large content type processed during HTTP stream reassembly and…

  • Cybersecurity Vulnerabilities

    CVE-2025-64332: Critical Stack Overflow in Suricata SWF Decompression

    Overview: CVE-2025-64332 is a high-severity vulnerability affecting Suricata, a popular network IDS, IPS, and NSM engine. This vulnerability, discovered in the SWF decompression functionality, can lead to a stack overflow, causing Suricata to crash. The vulnerability exists in Suricata versions prior to 7.0.13 and 8.0.2. Successful exploitation of this vulnerability could disrupt network monitoring and security operations.

    Technical Details: The root cause of CVE-2025-64332 lies in the way Suricata handles SWF (Shockwave Flash) file decompression when the `swf-decompression` feature is enabled. An improperly sized or malicious SWF file can trigger a stack overflow during the decompression process. This occurs because…

  • Cybersecurity Vulnerabilities

    Critical Suricata HTTP Body Logging Vulnerability: CVE-2025-64331 Demands Immediate Attention

    Overview: CVE-2025-64331 identifies a high-severity stack overflow vulnerability affecting Suricata, a widely used network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring (NSM) engine. This vulnerability exists in versions prior to 7.0.13 and 8.0.2 and is triggered during large HTTP file transfers when the HTTP response body limit is increased and printable HTTP body logging is enabled.

    Technical Details: The root cause of CVE-2025-64331 lies in the way Suricata handles HTTP response body logging. If the HTTP response body limit is increased beyond its default value and the logging of printable HTTP bodies is enabled, a…

  • Cybersecurity Vulnerabilities

    CVE-2025-64330: Critical Heap Overflow Vulnerability Threatens Suricata Security

    Published: 2025-11-26T23:15:48.093

    Overview: This article details CVE-2025-64330, a high-severity vulnerability affecting Suricata, a leading open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring (NSM) engine. This heap overflow vulnerability, if exploited, can lead to crashes and potentially arbitrary code execution. It’s crucial to understand the nature of this flaw and take immediate action to mitigate the risk.

    Technical Details: CVE-2025-64330 involves a single-byte read heap overflow within Suricata’s logging functionality. Specifically, the vulnerability occurs when logging the verdict (alert or drop) in eve.alert and eve.drop records. This happens under specific conditions: the per-packet alert queue…

  • Cybersecurity Vulnerabilities

    Urgent: Critical RCE Vulnerability Exploited in Ray AI (CVE-2025-62593)

    Overview: A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-62593, has been discovered in Ray, a distributed AI compute engine. This vulnerability affects developers using Ray as a development tool and can be exploited through browsers like Firefox and Safari. The issue stems from an insufficient defense against browser-based attacks, making Ray installations vulnerable to malicious websites and malvertising campaigns. A patch is available in version 2.52.0.

    Technical Details: The vulnerability in Ray AI arises from an inadequate guard against browser-based attacks. The existing defense relies on checking the User-Agent header for the string “Mozilla”. However, the fetch specification…

  • Cybersecurity Vulnerabilities

    CVE-2025-40934: Critical Signature Bypass in Perl XML-Sig Module

    Overview: CVE-2025-40934 describes a significant vulnerability in the XML-Sig Perl module, specifically affecting versions 0.27 through 0.67. This flaw allows an attacker to bypass signature validation by simply removing the signature from an XML document. The module incorrectly reports a successful validation even when no signature is present, potentially leading to severe security implications.

    Technical Details: The vulnerability stems from the way XML-Sig handles XML documents lacking signatures. Instead of correctly identifying the absence of a signature as an error condition, the affected versions return a ‘true’ value, indicating successful validation. This behavior opens a door for attackers to manipulate…