CVE-2025-59148
Suricata <= 8.0.0 - Denial of Service via Entropy Keyword Handling
Severity: HIGH
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when it is not anchored to a "sticky" buffer, which can lead to a segmentation fault (a NULL pointer dereference, CWE-476) and so to a denial of service of the sensor. This issue is fixed in version 8.0.1. To work around this issue, users can disable rules that use the entropy keyword, or validate that every such rule anchors it to a sticky buffer.
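The second workaround, auditing a ruleset for entropy keywords that are not preceded by a sticky buffer, as an added example that is not code from the advisory or from the Suricata project. The sticky-buffer list is a partial assumption to extend for your own ruleset, pkt_data is assumed to reset the anchor, and the sample rules (and their entropy option syntax) are constructed.

```python
import re
# Assumed, not from the advisory: a partial list of Suricata sticky-buffer
# keywords; extend it to cover the buffers your ruleset actually uses.
STICKY_BUFFERS = {"http.uri", "http.uri.raw", "http.header", "http.host",
                  "http.user_agent", "http.request_body", "http.response_body",
                  "dns.query", "tls.sni", "tls.cert_subject", "file.data"}

def split_options(options):
    # Split the option string on ';' into (keyword, value) pairs, ignoring
    # ';' inside double quotes or escaped with a backslash.
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in options:
        if ch == ";" and not in_quotes and not escaped:
            parts.append("".join(buf)); buf = []
            continue
        if ch == '"' and not escaped:
            in_quotes = not in_quotes
        escaped = (ch == "\\") and not escaped
        buf.append(ch)
    parts.append("".join(buf))
    return [(p.partition(":")[0].strip(), p.partition(":")[2].strip())
            for p in parts if p.strip()]

def entropy_unanchored(rule):
    # True if 'entropy' appears while no sticky buffer is active. A sticky
    # buffer stays active for the options after it; pkt_data (assumed
    # keyword) switches back to the raw payload and clears the anchor.
    m = re.search(r"\((.*)\)\s*$", rule, re.S)
    if not m:
        return False
    anchored = False
    for kw, _ in split_options(m.group(1)):
        if kw in STICKY_BUFFERS:
            anchored = True
        elif kw == "pkt_data":
            anchored = False
        elif kw == "entropy" and not anchored:
            return True
    return False

def audit_rules(text):
    # sid of each non-comment rule using entropy without a sticky buffer
    # (rules are assumed to carry a sid option).
    return [re.search(r"\bsid\s*:\s*(\d+)", l).group(1)
            for l in map(str.strip, text.splitlines())
            if l and not l.startswith("#") and entropy_unanchored(l)]

# Constructed sample ruleset; the entropy option syntax is illustrative only.
SAMPLE_RULES = """\
alert http any any -> any any (msg:"ok; anchored"; http.request_body; entropy:bytes 64,value > 7; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"unanchored"; content:"abc"; entropy:value > 7; sid:1000002; rev:1;)
# comment lines are skipped
alert dns any any -> any any (msg:"anchor cleared"; dns.query; pkt_data; entropy:value > 6; sid:1000003; rev:1;)
"""
```

Rules flagged by `audit_rules` are the ones to disable or re-anchor until the sensor runs 8.0.1.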
References (4)
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/OISF/suricata/security/advisories/GHSA-5qf6-92xg-3rr3
Patch x_refsource_misc
https://github.com/OISF/suricata/commit/9f32550e18f97ea5d610dd7c36aab0ba142c096c
Release Notes x_refsource_misc
https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018
Issue Tracking x_refsource_misc
https://redmine.openinfosecfoundation.org/issues/7838
Scores
CVSS v3
7.5
EPSS
0.0040
EPSS Percentile
31.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (1)
oisf/suricata
8.0.0 (3 CPE variants)
Published
Oct 01, 2025
Tracked Since
Feb 18, 2026