CVE-2026-22264

Name
CVE-2026-22264
Description
Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run untrusted rulesets or run with less than 65536 signatures that can match on the same packet.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security-advisories@github.com https://github.com/OISF/suricata/commit/549d7bf60616de8e54686a188196453b5b22f715
security-advisories@github.com https://github.com/OISF/suricata/commit/5789a3d3760dbf33d93fc56c27bd9529e5bdc8f2
security-advisories@github.com https://github.com/OISF/suricata/commit/ac1eb394181530430fb7262969f423a1bf8f209b
security-advisories@github.com https://github.com/OISF/suricata/security/advisories/GHSA-mqr8-m3m4-2hw5
security-advisories@github.com https://redmine.openinfosecfoundation.org/issues/8190

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:* suricata >= None < 7.0.14
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:* suricata >= 8.0.0 < 8.0.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
suricata edge-community 8.0.2-r0 Steve McMaster <steve@mcmaster.io> possibly vulnerable
suricata edge-community 8.0.0-r0 Steve McMaster <steve@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.10-r1 Steve McMaster <steve@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.10-r0 Steve McMaster <steve@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.8-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.7-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.6-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata edge-community 6.0.4-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata edge-community 6.0.3-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata 3.23-community 8.0.0-r0 Steve McMaster <steve@mcmaster.io> possibly vulnerable