Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4.
AnalysisAI
Denial of service in Suricata 8.0.0 through 8.0.3 allows unauthenticated remote attackers to degrade performance via specially crafted SMTP traffic containing MIME-encoded messages with URLs. The quadratic complexity vulnerability (CWE-407) triggers excessive processing when the IDS/IPS engine searches for URLs in malformed messages. EPSS data not provided, but exploitation probability appears low given no public exploit identified at time of analysis and the requirement for sustained malicious SMTP traffic to achieve impact.
Technical ContextAI
Suricata is an open-source network intrusion detection/prevention system and network security monitoring engine developed by the Open Information Security Foundation (OISF). This vulnerability stems from CWE-407 (algorithmic complexity), specifically quadratic time complexity in the URL extraction logic when processing MIME-encoded SMTP messages. When the engine parses specially constructed MIME content containing URLs, the search algorithm exhibits O(n²) behavior rather than linear complexity, causing CPU consumption to scale exponentially with message size or URL count. This affects the SMTP protocol inspection module in versions 8.0.0 through 8.0.3, impacting organizations using Suricata for email traffic inspection at network perimeters or internal mail relay points.
RemediationAI
Vendor-released patch: version 8.0.4. Organizations running affected Suricata versions should upgrade immediately to version 8.0.4 or later, which contains algorithmic improvements to eliminate the quadratic complexity in MIME URL parsing. The patch is available through the official OISF repository and standard distribution channels. Deployment steps include stopping the Suricata service, upgrading the package via system package manager or compiling from source (tag 8.0.4), verifying configuration compatibility, and restarting the service with validation of SMTP inspection functionality. For environments unable to patch immediately, temporary risk reduction may be achieved by disabling SMTP protocol inspection or implementing rate limiting on SMTP traffic to monitored interfaces, though these workarounds significantly reduce detection capability. Detailed patch information is available in the GitHub security advisory at https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8 and the vendor's issue tracker at https://redmine.openinfosecfoundation.org/issues/8292.
Same weakness CWE-407 – Inefficient Algorithmic Complexity
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18243