Suricata NULL Dereference Vulnerability in Entropy Keyword Processing

Vulnerability

A NULL dereference vulnerability has been identified in Suricata, a network IDS, IPS, and NSM engine, affecting versions from 8.0.0 up to, but not including, 8.0.2. The issue arises when a rule uses the entropy keyword together with base64_data. The vulnerability has been patched in version 8.0.2. Users can disable rules that combine entropy with base64_data as a temporary workaround.

Impact

Exploitation of this vulnerability leads to a NULL dereference, which can cause a crash or undefined behavior in the application.

Remediation

Users are advised to upgrade to Suricata version 8.0.2. If an immediate upgrade is not possible, rules that use the entropy keyword in conjunction with base64_data can be disabled as a temporary workaround.
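
One way to apply the workaround above, as an added example that is not part of the original advisory or of Suricata's own tooling: a Python script that comments out every active rule whose option list contains both entropy and base64_data, and returns the SIDs it disabled. The sample rules are constructed for illustration, and the function names are assumptions of this example.

```python
import re

# Constructed sample rules, not from any real ruleset; the entropy option
# arguments are illustrative only.
SAMPLE_RULES = r'''
alert http any any -> any any (msg:"b64 entropy"; content:"data="; base64_decode:relative; base64_data; entropy:value > 5.0; sid:1000001; rev:1;)
alert http any any -> any any (msg:"entropy only"; file.data; entropy:value > 7.0; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"entropy\; base64_data in text only"; content:"abc"; sid:1000003; rev:1;)
alert http any any -> any any (msg:"multi-line"; base64_decode:relative; \
    base64_data; entropy:bytes 32, value > 4.5; sid:1000004; rev:2;)
# alert http any any -> any any (msg:"already off"; base64_data; entropy:value > 1.0; sid:1000005;)
'''

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')   # quoted option values, escapes allowed
SID = re.compile(r'\bsid\s*:\s*(\d+)')

def logical_rules(text):
    """Yield (joined_rule, physical_lines), merging backslash continuations."""
    buf = []
    for line in text.splitlines():
        buf.append(line)
        if not line.rstrip().endswith("\\"):
            yield " ".join(l.rstrip().rstrip("\\") for l in buf), buf
            buf = []
    if buf:
        yield " ".join(l.rstrip().rstrip("\\") for l in buf), buf

def option_names(rule):
    """Return the set of keyword names in the rule's option list."""
    body = QUOTED.sub('""', rule[rule.find("(") + 1:rule.rfind(")")])
    return {o.split(":", 1)[0].strip().lower() for o in body.split(";") if o.strip()}

def disable_affected(text):
    """Comment out active rules using both entropy and base64_data.

    Returns (new_text, sids_of_disabled_rules)."""
    out, sids = [], []
    for rule, physical in logical_rules(text):
        rule = rule.strip()
        hit = (rule and not rule.startswith("#")
               and {"entropy", "base64_data"} <= option_names(rule))
        if hit:
            m = SID.search(QUOTED.sub('""', rule))
            sids.append(int(m.group(1)) if m else None)
        out.extend(("# " + l) if hit else l for l in physical)
    return "\n".join(out), sids

if __name__ == "__main__":
    new_text, sids = disable_affected(SAMPLE_RULES)
    print(new_text)
    print("disabled sids:", sids)
```

Keyword names inside quoted values such as msg are ignored, so a rule that only mentions the keywords in text is left enabled; re-enable the commented rules after upgrading to 8.0.2.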

Added: Nov 26, 2025, 11:20 PM
Updated: Nov 26, 2025, 11:20 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 5.3
remediation: 8.3
relevance: 1.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.