CVE-2026-22263

CVE-2026-22263

Name

CVE-2026-22263

Description

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428
security-advisories@github.com	https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/8201

Type

URI

security-advisories@github.com

https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428

security-advisories@github.com

https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7

security-advisories@github.com

https://redmine.openinfosecfoundation.org/issues/8201

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= 8.0.0	< 8.0.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= 8.0.0

< 8.0.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	8.0.2-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	3.23-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

8.0.2-r0

Steve McMaster <steve@mcmaster.io>

possibly vulnerable

suricata

edge-community