CVE-2026-31935

| EUVD-2026-18245 HIGH
2026-04-02 GitHub_M
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch Released
Apr 02, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 02, 2026 - 15:00 euvd
EUVD-2026-18245
Analysis Generated
Apr 02, 2026 - 15:00 vuln.today
CVE Published
Apr 02, 2026 - 14:36 nvd
HIGH 7.5

Tags

Denial Of Service

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.

Analysis

Memory exhaustion in Suricata network IDS/IPS via HTTP/2 CONTINUATION frame flooding allows remote unauthenticated attackers to trigger denial of service, typically forcing operating system termination of the Suricata process. Affects all versions prior to 7.0.15 and 8.0.4. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Verify current Suricata versions in production (check `suricata --version`); confirm which systems run versions prior to 7.0.15 or 8.0.4. Within 7 days: Implement interim HTTP/2 frame-size filtering at upstream proxies or firewalls to reject oversized CONTINUATION frame sequences; document baseline memory consumption for monitoring anomalies. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Vendor Status

Share

CVE-2026-31935 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy