{"id":"CVE-2025-53537","summary":"LibHTP's memory leak with lzma can lead to resource starvation","details":"LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set `suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false. This issue is fixed in version 0.5.51.","aliases":["GHSA-v3qq-h8mh-vph7"],"modified":"2026-04-28T04:10:57.808302Z","published":"2025-07-23T20:35:30.824Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53537.json","cwe_ids":["CWE-401"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53537.json"},{"type":"ADVISORY","url":"https://github.com/OISF/libhtp/security/advisories/GHSA-v3qq-h8mh-vph7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53537"},{"type":"FIX","url":"https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oisf/libhtp","events":[{"introduced":"0"},{"fixed":"3ff79ead4d6b995b771d392d7f0697bfc9201d5d"}]}],"versions":["0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.13","0.5.14","0.5.15","0.5.16","0.5.17","0.5.18","0.5.19","0.5.2","0.5.20","0.5.21","0.5.22","0.5.23","0.5.24","0.5.25","0.5.26","0.5.27","0.5.28","0.5.29","0.5.3","0.5.30","0.5.31","0.5.32","0.5.33","0.5.34","0.5.35","0.5.36","0.5.37","0.5.38","0.5.39","0.5.4","0.5.40","0.5.41","0.5.42","0.5.43","0.5.44","0.5.45","0.5.46","0.5.47","0.5.48","0.5.49","0.5.5","0.5.50","0.5.6","0.5.7","0.5.8","0.5.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-53537.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}