CVE-2026-22260

CVE-2026-22260

Name

CVE-2026-22260

Description

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `response-body-limit`.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/OISF/suricata/commit/0dddac7278c8b9cf3c1e4c1c71e620a78ec1c185
security-advisories@github.com	https://github.com/OISF/suricata/security/advisories/GHSA-3gm8-84cm-5x22
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/8185

Type

URI

security-advisories@github.com

https://github.com/OISF/suricata/commit/0dddac7278c8b9cf3c1e4c1c71e620a78ec1c185

security-advisories@github.com

https://github.com/OISF/suricata/security/advisories/GHSA-3gm8-84cm-5x22

security-advisories@github.com

https://redmine.openinfosecfoundation.org/issues/8185

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= 8.0.0	< 8.0.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= 8.0.0

< 8.0.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	8.0.2-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	3.23-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

8.0.2-r0

Steve McMaster <steve@mcmaster.io>

possibly vulnerable

suricata

edge-community