Skip to main content

Red Hat CVE-2026-31934

| EUVDEUVD-2026-18243 HIGH
Inefficient Algorithmic Complexity (CWE-407)
2026-04-02 GitHub_M
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
7.5 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Apr 02, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 02, 2026 - 15:00 euvd
EUVD-2026-18243
Analysis Generated
Apr 02, 2026 - 15:00 vuln.today
CVE Published
Apr 02, 2026 - 14:21 nvd
HIGH 7.5

DescriptionGitHub Advisory

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4.

AnalysisAI

Denial of service in Suricata 8.0.0 through 8.0.3 allows unauthenticated remote attackers to degrade performance via specially crafted SMTP traffic containing MIME-encoded messages with URLs. The quadratic complexity vulnerability (CWE-407) triggers excessive processing when the IDS/IPS engine searches for URLs in malformed messages. EPSS data not provided, but exploitation probability appears low given no public exploit identified at time of analysis and the requirement for sustained malicious SMTP traffic to achieve impact.

Technical ContextAI

Suricata is an open-source network intrusion detection/prevention system and network security monitoring engine developed by the Open Information Security Foundation (OISF). This vulnerability stems from CWE-407 (algorithmic complexity), specifically quadratic time complexity in the URL extraction logic when processing MIME-encoded SMTP messages. When the engine parses specially constructed MIME content containing URLs, the search algorithm exhibits O(n²) behavior rather than linear complexity, causing CPU consumption to scale exponentially with message size or URL count. This affects the SMTP protocol inspection module in versions 8.0.0 through 8.0.3, impacting organizations using Suricata for email traffic inspection at network perimeters or internal mail relay points.

RemediationAI

Vendor-released patch: version 8.0.4. Organizations running affected Suricata versions should upgrade immediately to version 8.0.4 or later, which contains algorithmic improvements to eliminate the quadratic complexity in MIME URL parsing. The patch is available through the official OISF repository and standard distribution channels. Deployment steps include stopping the Suricata service, upgrading the package via system package manager or compiling from source (tag 8.0.4), verifying configuration compatibility, and restarting the service with validation of SMTP inspection functionality. For environments unable to patch immediately, temporary risk reduction may be achieved by disabling SMTP protocol inspection or implementing rate limiting on SMTP traffic to monitored interfaces, though these workarounds significantly reduce detection capability. Detailed patch information is available in the GitHub security advisory at https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8 and the vendor's issue tracker at https://redmine.openinfosecfoundation.org/issues/8292.

Vendor StatusVendor

SUSE

Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-31934 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy