Fluid Attacks Database

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	suricata	=1:7.0.10-1 \|\| =1:7.0.11-1 \|\| =1:7.0.11-1~bpo13+1 \|\| =1:8.0.0-1~exp1 \|\| =1:8.0.0-1~exp2 \|\| =1:8.0.0-1~exp4 \|\| =1:8.0.0-1~exp5 \|\| =1:8.0.1-1 \|\| =1:8.0.1-2 \|\| =1:8.0.1-3 \|\| =1:8.0.1-3~bpo13+1 \|\| =1:8.0.2-1~bpo13+1 \|\| >=0 <1:8.0.2-1	1:8.0.2-1

Aliases

1. CVE-2025-643352. NVD-2025-643353. OSV-DEBIAN-2025-643354. OSV-2025-643355. SECURITY-TRACKER-CVE-2025-64335

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.