Unrated severityNVD Advisory· Published Oct 1, 2025· Updated Oct 1, 2025
Suricata's improper use of entropy keyword can lead to a NULL-ptr deref
CVE-2025-59148
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018mitrex_refsource_MISC
- github.com/OISF/suricata/commit/9f32550e18f97ea5d610dd7c36aab0ba142c096cmitrex_refsource_MISC
- github.com/OISF/suricata/security/advisories/GHSA-5qf6-92xg-3rr3mitrex_refsource_CONFIRM
- redmine.openinfosecfoundation.org/issues/7838mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.