Skip to main content

Suricata CVE-2026-22258

HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-01-27 security-advisories@github.com
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch released
Jan 30, 2026 - 20:09 nvd
Patch available
CVE Published
Jan 27, 2026 - 17:16 nvd
HIGH 7.5

DescriptionGitHub Advisory

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB are also vulnerable. DCERPC/TCP in the default configuration should not be vulnerable as the default stream depth is limited to 1MiB. Versions 8.0.3 and 7.0.14 contain a patch. Some workarounds are available. For DCERPC/UDP, disable the parser. For DCERPC/TCP, the stream.reassembly.depth setting will limit the amount of data that can be buffered. For DCERPC/SMB, the stream.reassembly.depth can be used as well, but is set to unlimited by default. Imposing a limit here may lead to loss of visibility in SMB.

AnalysisAI

Uncontrolled buffer expansion in Suricata's DCERPC parser allows remote attackers to trigger unbounded memory allocation and cause denial of service by sending specially crafted DCERPC traffic. The vulnerability affects versions prior to 8.0.3 and 7.0.14 across DCERPC/UDP, DCERPC/TCP, and SMB protocols, with TCP being partially protected by default stream depth limits. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious DCERPC packet
Delivery
Send over UDP to Suricata
Exploit
Parser expands buffer without limits
Execution
Memory exhaustion
Impact
Process termination

Vulnerability AssessmentAI

Exploitation DCERPC/UDP parser enabled in Suricata versions prior to 8.0.3 and 7.0.14. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker could exploit this vulnerability to loss of visibility in SMB.
Remediation A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Verify which systems run affected Suricata versions (pre-8.0.3 and pre-7.0.14) and assess criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-59150 HIGH POC
7.5 Oct 01

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-29915 HIGH
7.5 Apr 10

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Ra

CVE-2025-59148 HIGH
7.5 Oct 01

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2026-22259 HIGH
7.5 Jan 27

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a denial of service condition where specially crafted DNP3

CVE-2025-59147 HIGH
7.5 Oct 01

A security vulnerability in Suricata (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch

CVE-2026-22260 HIGH
7.5 Jan 27

Suricata versions 8.0.0 through 8.0.2 are susceptible to a stack overflow crash when processing network traffic with imp

CVE-2025-64344 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64335 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64334 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64333 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64332 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64331 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-22258 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy