OISF Suricata
cpe:2.3:a:openinfosecfoundation:suricata:*:*:*:*:*:*:*
- <= 8.0.0
Suricata versions 8.0.0 and earlier improperly handle the entropy keyword when it is not linked to a 'sticky' buffer, which can cause a segmentation fault. The issue is present in the network IDS, IPS, and NSM engine developed by the Open Information Security Foundation (OISF) and the Suricata community.
Exploitation of this vulnerability causes a segmentation fault, leading to a denial of service.
The vulnerability can be reproduced by using a rule that applies the entropy keyword without anchoring it to a sticky buffer. When such a rule is processed, Suricata will dereference a null pointer, causing a segmentation fault.
Users can update to Suricata version 8.0.1, which addresses this vulnerability. Alternatively, users can disable rules that use the entropy keyword or ensure that those rules are anchored to a sticky buffer.
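For the rule-side mitigation, the following added example (not part of the advisory or of Suricata) audits a rules file for active rules that use entropy before any sticky buffer. It assumes one rule per line and identifies sticky buffers heuristically as value-less keywords with a dotted name; the sample rules and their entropy option values are constructed for illustration.

```python
import re

# Splits a rule's option block on ';' while skipping quoted strings and '\;' escapes.
OPTION_RE = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')
# Assumption: legacy underscore-style sticky buffer names; extend for your ruleset.
LEGACY_STICKY = {"file_data"}

def options(rule):
    """Return the option strings found between the outer parentheses of one rule."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end <= start:
        return []
    return [o.strip() for o in OPTION_RE.findall(rule[start + 1:end]) if o.strip()]

def is_sticky_buffer(opt):
    """Heuristic (assumption): a value-less keyword with a dotted name, e.g. http.uri."""
    return ":" not in opt and ("." in opt or opt in LEGACY_STICKY)

def unanchored_entropy(rules_text):
    """Return (line_no, sid) for each active rule using entropy before any sticky buffer."""
    hits = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # commented-out rules are not loaded
            continue
        anchored, flagged, sid = False, False, None
        for opt in options(line):
            name, _, value = opt.partition(":")
            name = name.strip()
            if is_sticky_buffer(opt):
                anchored = True
            elif name == "entropy" and not anchored:
                flagged = True
            elif name == "sid" and value.strip().isdigit():
                sid = int(value)
        if flagged:
            hits.append((line_no, sid))
    return hits

# Constructed sample rules; the entropy option values are illustrative only.
SAMPLE = """\
alert tcp any any -> any any (msg:"constructed, no buffer"; entropy: value > 7.0; sid:1000001; rev:1;)
alert http any any -> any any (msg:"constructed, anchored"; http.request_body; entropy: value > 7.0; sid:1000002; rev:1;)
# alert tcp any any -> any any (msg:"constructed, disabled"; entropy: value > 7.0; sid:1000003; rev:1;)
"""

if __name__ == "__main__":
    for line_no, sid in unanchored_entropy(SAMPLE):
        print(f"line {line_no}: sid {sid} uses entropy without a sticky buffer")
```

Rules it reports can be disabled or rewritten to follow a sticky buffer until the sensor runs 8.0.1.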