Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.
AnalysisAI
Memory exhaustion in Suricata network IDS/IPS via HTTP/2 CONTINUATION frame flooding allows remote unauthenticated attackers to trigger denial of service, typically forcing operating system termination of the Suricata process. Affects all versions prior to 7.0.15 and 8.0.4. EPSS data not available, but CVSS 7.5 (High) reflects network-accessible attack with low complexity requiring no privileges. No public exploit identified at time of analysis, though the attack technique (HTTP/2 frame flooding) is well-documented in protocol security research.
Technical ContextAI
Suricata is an open-source network intrusion detection/prevention system and network security monitoring engine developed by the Open Information Security Foundation (OISF). This vulnerability (CWE-400: Uncontrolled Resource Consumption) resides in Suricata's HTTP/2 protocol parser. HTTP/2 CONTINUATION frames are used to send header block fragments that exceed frame size limits. The vulnerability allows attackers to craft malicious sequences of CONTINUATION frames that exhaust available memory without proper bounds checking or resource limits. As memory consumption grows unchecked, the operating system's out-of-memory killer typically terminates the Suricata process to protect system stability, effectively disabling network monitoring and protection capabilities. This affects the core packet inspection engine across all deployment modes (IDS, IPS, and NSM).
RemediationAI
Immediately upgrade to Suricata version 7.0.15 (for 7.0.x branch users) or version 8.0.4 (for 8.0.x branch users) as released by the Open Information Security Foundation. These versions contain patches addressing the HTTP/2 CONTINUATION frame memory exhaustion issue. Download patched releases from the official OISF GitHub repository or use distribution-provided updates from package managers. For environments where immediate patching is not feasible, consider temporary workarounds such as disabling HTTP/2 protocol inspection if operationally acceptable, implementing rate limiting or connection tracking at network perimeter devices to mitigate flooding attacks, or deploying redundant Suricata instances with automated failover to maintain monitoring continuity. Review Suricata memory allocation settings and ensure adequate monitoring/alerting for process health. Consult the official security advisory at https://github.com/OISF/suricata/security/advisories/GHSA-vxrp-5pg7-7v4x for complete remediation guidance and verify patch application through version checks post-deployment.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18245