CVE-2026-22258

CVE-2026-22258

Name

CVE-2026-22258

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB are also vulnerable. DCERPC/TCP in the default configuration should not be vulnerable as the default stream depth is limited to 1MiB. Versions 8.0.3 and 7.0.14 contain a patch. Some workarounds are available. For DCERPC/UDP, disable the parser. For DCERPC/TCP, the `stream.reassembly.depth` setting will limit the amount of data that can be buffered. For DCERPC/SMB, the `stream.reassembly.depth` can be used as well, but is set to unlimited by default. Imposing a limit here may lead to loss of visibility in SMB.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/OISF/suricata/commit/39d8c302af3422a096b75474a4f295a754ec6a74
security-advisories@github.com	https://github.com/OISF/suricata/commit/f82a388d0283725cb76782cf64e8341cab370830
security-advisories@github.com	https://github.com/OISF/suricata/security/advisories/GHSA-289c-h599-3xcx
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/8182

Type

URI

security-advisories@github.com

https://github.com/OISF/suricata/commit/39d8c302af3422a096b75474a4f295a754ec6a74

security-advisories@github.com

https://github.com/OISF/suricata/commit/f82a388d0283725cb76782cf64e8341cab370830

security-advisories@github.com

https://github.com/OISF/suricata/security/advisories/GHSA-289c-h599-3xcx

security-advisories@github.com

https://redmine.openinfosecfoundation.org/issues/8182

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= None	< 7.0.14
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= 8.0.0	< 8.0.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= None

< 7.0.14

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= 8.0.0

< 8.0.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	8.0.2-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.10-r1	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.10-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.8-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.7-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.6-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.4-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.3-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	3.23-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

8.0.2-r0

Steve McMaster <steve@mcmaster.io>

possibly vulnerable

suricata

edge-community