CVE-2026-31934

CVE-2026-31934

Name

CVE-2026-31934

Description

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/8292

Type

URI

security-advisories@github.com

https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8

security-advisories@github.com

https://redmine.openinfosecfoundation.org/issues/8292

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= 8.0.0	< 8.0.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= 8.0.0

< 8.0.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	8.0.3-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	8.0.2-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	3.23-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

8.0.3-r0

Steve McMaster <steve@mcmaster.io>

possibly vulnerable

suricata

edge-community