CVE-2025-64335
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-12-12
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oisf | suricata | From 8.0.0 (inc) to 8.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Suricata versions 8.0.0 to before 8.0.2 involves a NULL pointer dereference that occurs when the entropy keyword is used together with base64_data. This can cause the program to crash or behave unexpectedly. The issue has been fixed in version 8.0.2, and a temporary workaround is to disable rules that use entropy with base64_data.
How can this vulnerability impact me? :
The vulnerability can cause Suricata to crash or become unavailable due to a NULL dereference, leading to denial of service (DoS). This impacts the availability of the network intrusion detection and prevention system, potentially leaving the network unmonitored or unprotected.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Suricata to version 8.0.2 or later. As a workaround before upgrading, disable rules that use the entropy keyword in conjunction with base64_data.