Suricata
CVE-2026-22259
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).
AnalysisAI
Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a denial of service condition where specially crafted DNP3 traffic triggers excessive memory consumption, potentially exhausting system memory and causing the service to crash. An unauthenticated attacker on the network can exploit this by sending malicious DNP3 packets to cause the IDS/IPS engine to become unavailable. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | DNP3 parser must be enabled in Suricata configuration (enabled by default in versions prior to 8.0.3 and 7.0.14). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker could exploit this vulnerability to the process slowing down and running out of memory, potentially leading to it ge. |
| Remediation | A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Suricata deployments and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Ra
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric
Uncontrolled buffer expansion in Suricata's DCERPC parser allows remote attackers to trigger unbounded memory allocation
A security vulnerability in Suricata (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch
Suricata versions 8.0.0 through 8.0.2 are susceptible to a stack overflow crash when processing network traffic with imp
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today