Skip to main content

Red Hat CVE-2026-31935

| EUVDEUVD-2026-18245 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-04-02 GitHub_M
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
7.5 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Apr 02, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 02, 2026 - 15:00 euvd
EUVD-2026-18245
Analysis Generated
Apr 02, 2026 - 15:00 vuln.today
CVE Published
Apr 02, 2026 - 14:36 nvd
HIGH 7.5

DescriptionGitHub Advisory

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.

AnalysisAI

Memory exhaustion in Suricata network IDS/IPS via HTTP/2 CONTINUATION frame flooding allows remote unauthenticated attackers to trigger denial of service, typically forcing operating system termination of the Suricata process. Affects all versions prior to 7.0.15 and 8.0.4. EPSS data not available, but CVSS 7.5 (High) reflects network-accessible attack with low complexity requiring no privileges. No public exploit identified at time of analysis, though the attack technique (HTTP/2 frame flooding) is well-documented in protocol security research.

Technical ContextAI

Suricata is an open-source network intrusion detection/prevention system and network security monitoring engine developed by the Open Information Security Foundation (OISF). This vulnerability (CWE-400: Uncontrolled Resource Consumption) resides in Suricata's HTTP/2 protocol parser. HTTP/2 CONTINUATION frames are used to send header block fragments that exceed frame size limits. The vulnerability allows attackers to craft malicious sequences of CONTINUATION frames that exhaust available memory without proper bounds checking or resource limits. As memory consumption grows unchecked, the operating system's out-of-memory killer typically terminates the Suricata process to protect system stability, effectively disabling network monitoring and protection capabilities. This affects the core packet inspection engine across all deployment modes (IDS, IPS, and NSM).

RemediationAI

Immediately upgrade to Suricata version 7.0.15 (for 7.0.x branch users) or version 8.0.4 (for 8.0.x branch users) as released by the Open Information Security Foundation. These versions contain patches addressing the HTTP/2 CONTINUATION frame memory exhaustion issue. Download patched releases from the official OISF GitHub repository or use distribution-provided updates from package managers. For environments where immediate patching is not feasible, consider temporary workarounds such as disabling HTTP/2 protocol inspection if operationally acceptable, implementing rate limiting or connection tracking at network perimeter devices to mitigate flooding attacks, or deploying redundant Suricata instances with automated failover to maintain monitoring continuity. Review Suricata memory allocation settings and ensure adequate monitoring/alerting for process health. Consult the official security advisory at https://github.com/OISF/suricata/security/advisories/GHSA-vxrp-5pg7-7v4x for complete remediation guidance and verify patch application through version checks post-deployment.

Vendor StatusVendor

SUSE

Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-31935 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy