Skip to main content

Suricata CVE-2026-22259

HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-01-27 security-advisories@github.com
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch released
Jan 30, 2026 - 20:01 nvd
Patch available
CVE Published
Jan 27, 2026 - 17:16 nvd
HIGH 7.5

DescriptionGitHub Advisory

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).

AnalysisAI

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a denial of service condition where specially crafted DNP3 traffic triggers excessive memory consumption, potentially exhausting system memory and causing the service to crash. An unauthenticated attacker on the network can exploit this by sending malicious DNP3 packets to cause the IDS/IPS engine to become unavailable. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious DNP3 traffic
Exploit
Send over network to Suricata
Execution
Parser consumes excessive memory
Impact
Process killed by OOM killer

Vulnerability AssessmentAI

Exploitation DNP3 parser must be enabled in Suricata configuration (enabled by default in versions prior to 8.0.3 and 7.0.14). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker could exploit this vulnerability to the process slowing down and running out of memory, potentially leading to it ge.
Remediation A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Suricata deployments and document current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-59150 HIGH POC
7.5 Oct 01

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-29915 HIGH
7.5 Apr 10

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Ra

CVE-2025-59148 HIGH
7.5 Oct 01

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2026-22258 HIGH
7.5 Jan 27

Uncontrolled buffer expansion in Suricata's DCERPC parser allows remote attackers to trigger unbounded memory allocation

CVE-2025-59147 HIGH
7.5 Oct 01

A security vulnerability in Suricata (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch

CVE-2026-22260 HIGH
7.5 Jan 27

Suricata versions 8.0.0 through 8.0.2 are susceptible to a stack overflow crash when processing network traffic with imp

CVE-2025-64344 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64335 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64334 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64333 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64332 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2025-64331 HIGH
7.5 Nov 26

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-22259 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy