CVE-2026-31935

CVE-2026-31935

Name

CVE-2026-31935

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/OISF/suricata/security/advisories/GHSA-vxrp-5pg7-7v4x
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/8289

Type

URI

security-advisories@github.com

https://github.com/OISF/suricata/security/advisories/GHSA-vxrp-5pg7-7v4x

security-advisories@github.com

https://redmine.openinfosecfoundation.org/issues/8289

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= None	< 7.0.15
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= 8.0.0	< 8.0.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= None

< 7.0.15

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= 8.0.0

< 8.0.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	8.0.3-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	8.0.2-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.10-r1	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.10-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.8-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.7-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.6-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.4-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.3-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	3.23-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

8.0.3-r0

Steve McMaster <steve@mcmaster.io>

possibly vulnerable

suricata

edge-community