Skip to main content

Red Hat CVE-2026-31933

| EUVDEUVD-2026-18241 HIGH
Inefficient Algorithmic Complexity (CWE-407)
2026-04-02 security-advisories@github.com
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
7.5 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Apr 02, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 02, 2026 - 14:22 euvd
EUVD-2026-18241
Analysis Generated
Apr 02, 2026 - 14:22 vuln.today
CVE Published
Apr 02, 2026 - 14:16 nvd
HIGH 7.5

DescriptionGitHub Advisory

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.

AnalysisAI

Network-accessible resource exhaustion in Suricata IDS allows remote attackers to degrade detection performance via specially crafted traffic. Affects versions prior to 7.0.15 and 8.0.4 (CVSS 7.5 HIGH). Attack requires no authentication (PR:N) and low complexity (AC:L), enabling trivial performance degradation that could blind security monitoring. EPSS data not available, but no public exploit identified at time of analysis. Vendor patches released for both affected branches (7.0.15, 8.0.4).

Technical ContextAI

Suricata is an open-source network threat detection engine performing intrusion detection (IDS), prevention (IPS), and network security monitoring. The vulnerability involves CWE-407 (Inefficient Algorithmic Complexity), where specially crafted network packets trigger computationally expensive processing paths within the detection engine. This algorithmic complexity issue causes CPU resource exhaustion during traffic analysis, degrading throughput and detection coverage. The flaw affects the core traffic inspection pipeline, making it exploitable via normal network attack surface without requiring direct access to the Suricata system itself. The issue is particularly critical for IDS deployments where performance degradation creates security blind spots by preventing timely threat detection.

RemediationAI

Vendor-released patches: Upgrade to Suricata version 7.0.15 for the 7.x branch or version 8.0.4 for the 8.x branch. These versions contain fixes for the algorithmic complexity issue causing performance degradation. Download patched releases from the official OISF Suricata repository or distribution-specific package managers. For SUSE Linux Enterprise environments (noted in tags), apply updates through SUSE security channels when available. No workarounds identified-patching is the primary mitigation strategy. Verify patch effectiveness by monitoring Suricata CPU utilization and packet processing rates under typical traffic loads post-upgrade. Consult the official security advisory at https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp and implementation details at https://redmine.openinfosecfoundation.org/issues/8272 for additional technical guidance.

Vendor StatusVendor

SUSE

Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-31933 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy