CVE-2025-43537

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-43537 is a vulnerability in LibHTP, a security-aware parser for the HTTP protocol, affecting versions 0.5.50 and below. The vulnerability is a traffic-induced memory leak, classified as CWE-401 (Missing Release of Memory after Effective Lifetime): the application fails to release allocated memory after its effective lifetime. The leak can progressively consume system resources, potentially leading to resource starvation and a loss of visibility in the affected system. A patch has been released in version 0.5.51 to address the memory leak. As a workaround, users who cannot immediately update can set `app-layer.protocols.http.libhtp.default-config.lzma-enabled` to `false` in `suricata.yaml`.


Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

9
