Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
AnalysisAI
Network denial-of-service in Suricata prior to 7.0.15 allows remote unauthenticated attackers to degrade intrusion detection performance via inefficient DCERPC buffering. The flaw enables attackers to bypass or impair network security monitoring by exhausting system resources through malformed DCERPC traffic, effectively blinding detection capabilities. No public exploit identified at time of analysis, though EPSS score and exploitation likelihood were not provided in available data.
Technical ContextAI
Suricata is an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring (NSM) engine maintained by the Open Information Security Foundation (OISF). This vulnerability stems from CWE-407 (Inefficient Algorithmic Complexity), specifically in the DCERPC (Distributed Computing Environment Remote Procedure Call) protocol parser. DCERPC is Microsoft's RPC implementation used extensively in Windows networks for inter-process communication. The inefficient buffering implementation causes excessive resource consumption when processing DCERPC traffic, degrading the engine's ability to inspect network traffic at line rate. This affects the core packet inspection pipeline, making Suricata vulnerable to resource exhaustion attacks that could allow malicious traffic to pass uninspected during performance degradation periods.
RemediationAI
Organizations should immediately upgrade to Suricata version 7.0.15 or later, which contains the vendor-released patch addressing the inefficient DCERPC buffering issue. The fix is available from the Open Information Security Foundation's official repositories and distribution channels. Administrators should verify the upgrade by checking the running version with 'suricata --build-info' and reviewing logs for performance improvements when processing DCERPC traffic. For environments unable to immediately upgrade, consider temporarily disabling DCERPC protocol inspection if this traffic type is not critical to the security monitoring posture, though this workaround reduces detection capabilities. SUSE users should apply security updates through their standard package management channels once vendor packages are released. Detailed patch information and installation guidance is provided in the GitHub security advisory at https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg. After upgrading, monitor system resource utilization and alert performance to confirm resolution of the performance degradation issue.
Same weakness CWE-407 – Inefficient Algorithmic Complexity
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18246