Skip to main content

Red Hat CVE-2026-31932

| EUVDEUVD-2026-18239 HIGH
Inefficient Algorithmic Complexity (CWE-407)
2026-04-02 security-advisories@github.com
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
7.5 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Apr 02, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 02, 2026 - 14:22 euvd
EUVD-2026-18239
Analysis Generated
Apr 02, 2026 - 14:22 vuln.today
CVE Published
Apr 02, 2026 - 14:16 nvd
HIGH 7.5

DescriptionGitHub Advisory

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.

AnalysisAI

Performance degradation in Suricata IDS/IPS engine allows remote unauthenticated attackers to cause denial of service through inefficient Kerberos 5 buffering. Affects versions prior to 7.0.15 and 8.0.4. CVSS 7.5 with high availability impact. No public exploit identified at time of analysis, EPSS data not provided. Vendor-released patches available in versions 7.0.15 and 8.0.4.

Technical ContextAI

Suricata is an open-source network intrusion detection/prevention system and network security monitoring engine. The vulnerability stems from CWE-407 (Inefficient Algorithmic Complexity), specifically in the handling of Kerberos 5 (KRB5) protocol traffic. KRB5 is a widely-used network authentication protocol that relies on tickets for authentication. The inefficient buffering implementation causes algorithmic complexity issues when processing KRB5 traffic, leading to resource exhaustion and performance degradation. This affects Suricata's core packet processing capabilities, which is critical for real-time network security monitoring. The flaw impacts both major Suricata branches: the 7.0.x stable series and the newer 8.0.x series, indicating a longstanding architectural issue in the KRB5 parsing module.

RemediationAI

Upgrade to Suricata version 7.0.15 or later for the 7.0.x branch, or version 8.0.4 or later for the 8.0.x branch. Both versions contain patches addressing the inefficient KRB5 buffering issue. Organizations should prioritize upgrades for production IDS/IPS deployments, especially those monitoring networks with high volumes of Kerberos authentication traffic. Consult the GitHub security advisory at https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr for complete upgrade guidance. If immediate patching is not feasible, consider temporarily disabling KRB5 protocol inspection as a workaround, though this reduces security visibility for Kerberos-based attacks. Monitor Suricata performance metrics during high Kerberos traffic periods to detect potential exploitation attempts manifesting as CPU spikes or packet processing delays.

Vendor StatusVendor

SUSE

Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-31932 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy