CVE-2025-59148

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Suricata versions 8.0.0 and earlier

Description Suricata, a network IDS, IPS and NSM engine, experiences an issue where it incorrectly handles the entropy keyword when not anchored to a "sticky" buffer. This can result in a segmentation fault. As a workaround, users can disable rules utilizing the entropy keyword or ensure they are anchored to a sticky buffer.

Recommendations Update to version 8.0.1 or later. Disable rules using the entropy keyword. Validate that rules using the entropy keyword are anchored to a sticky buffer.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-14099

BDU:2025-14724

CVE-2025-59148

GHSA-5QF6-92XG-3RR3

OPENSUSE-SU-2025:15592-1

Affected Products

Alt Linux

Suricata

CVE-2025-59148

Weakness Enumeration

Related Identifiers

Affected Products

References · 21