Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.
AnalysisAI
Performance degradation in Suricata IDS/IPS engine allows remote unauthenticated attackers to cause denial of service through inefficient Kerberos 5 buffering. Affects versions prior to 7.0.15 and 8.0.4. CVSS 7.5 with high availability impact. No public exploit identified at time of analysis, EPSS data not provided. Vendor-released patches available in versions 7.0.15 and 8.0.4.
Technical ContextAI
Suricata is an open-source network intrusion detection/prevention system and network security monitoring engine. The vulnerability stems from CWE-407 (Inefficient Algorithmic Complexity), specifically in the handling of Kerberos 5 (KRB5) protocol traffic. KRB5 is a widely-used network authentication protocol that relies on tickets for authentication. The inefficient buffering implementation causes algorithmic complexity issues when processing KRB5 traffic, leading to resource exhaustion and performance degradation. This affects Suricata's core packet processing capabilities, which is critical for real-time network security monitoring. The flaw impacts both major Suricata branches: the 7.0.x stable series and the newer 8.0.x series, indicating a longstanding architectural issue in the KRB5 parsing module.
RemediationAI
Upgrade to Suricata version 7.0.15 or later for the 7.0.x branch, or version 8.0.4 or later for the 8.0.x branch. Both versions contain patches addressing the inefficient KRB5 buffering issue. Organizations should prioritize upgrades for production IDS/IPS deployments, especially those monitoring networks with high volumes of Kerberos authentication traffic. Consult the GitHub security advisory at https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr for complete upgrade guidance. If immediate patching is not feasible, consider temporarily disabling KRB5 protocol inspection as a workaround, though this reduces security visibility for Kerberos-based attacks. Monitor Suricata performance metrics during high Kerberos traffic periods to detect potential exploitation attempts manifesting as CPU spikes or packet processing delays.
Same weakness CWE-407 – Inefficient Algorithmic Complexity
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18239