Suricata: CVE-2026-22258
Severity: HIGH (primary rating from GitHub Advisory)
CVSS vector (GitHub Advisory): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (GitHub Advisory)
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer without limits, leading to memory exhaustion and the process being killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB are also vulnerable. DCERPC/TCP in the default configuration should not be vulnerable, as the default stream depth is limited to 1MiB. Versions 8.0.3 and 7.0.14 contain a patch. Some workarounds are available. For DCERPC/UDP, disable the parser. For DCERPC/TCP, the stream.reassembly.depth setting limits the amount of data that can be buffered. For DCERPC/SMB, stream.reassembly.depth can be used as well, but it is set to unlimited by default; imposing a limit there may lead to loss of visibility in SMB.
Analysis (AI)
Uncontrolled buffer expansion in Suricata's DCERPC parser allows remote attackers to trigger unbounded memory allocation and cause denial of service by sending specially crafted DCERPC traffic. The vulnerability affects versions prior to 8.0.3 and 7.0.14 across DCERPC/UDP, DCERPC/TCP, and SMB protocols, with TCP being partially protected by default stream depth limits. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | DCERPC/UDP parser enabled in Suricata versions prior to 8.0.3 and 7.0.14. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker sending crafted DCERPC traffic could exhaust Suricata's memory and cause a denial of service; the workaround of limiting SMB stream depth may in turn cause loss of visibility in SMB. |
| Remediation | A vendor patch is available; apply it promptly. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended Action (AI)
Within 24 hours: Verify which systems run affected Suricata versions (pre-8.0.3 and pre-7.0.14) and assess criticality. …
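As an added example (not part of this advisory or the Suricata project), the version check above done branch-aware against the fixed releases named on this page: 8.0.0 sorts after 7.0.14 but is still unpatched, so a plain numeric comparison would get it wrong. Host names and `suricata -V` banners are constructed.

```python
"""Triage Suricata versions against the CVE-2026-22258 fixed releases."""
import re

# First fixed release per branch, taken from the advisory text.
FIXED = {(7, 0): (7, 0, 14), (8, 0): (8, 0, 3)}


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'This is Suricata version 7.0.13 RELEASE'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version predates the fix on its own branch.

    Branches older than 7.0 are 'prior to' both fixed versions and get no fix,
    so they count as affected. Branches the advisory does not name (e.g. 8.1)
    return None: not covered, check the release notes instead of guessing.
    """
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    if branch < (7, 0):
        return True
    return None


def triage(banners):
    """Map host -> affected flag from a dict of host: 'suricata -V' output."""
    return {host: is_affected(parse_version(out)) for host, out in banners.items()}


# Constructed sample inventory; not real hosts.
SAMPLE = {
    "sensor-a": "This is Suricata version 7.0.13 RELEASE",
    "sensor-b": "This is Suricata version 7.0.14 RELEASE",
    "sensor-c": "This is Suricata version 8.0.2 RELEASE",
    "sensor-d": "This is Suricata version 8.0.3 RELEASE",
}

if __name__ == "__main__":
    for host, affected in triage(SAMPLE).items():
        label = {True: "AFFECTED", False: "patched", None: "not covered"}[affected]
        print(f"{host}: {label}")
```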
Weakness: CWE-400 – Uncontrolled Resource Consumption
Technique: Denial of Service
Vendor Status
SUSE (severity: High)
| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |