FKIE_CVE-2026-22259
Vulnerability from fkie_nvd - Published: 2026-01-27 17:16 - Updated: 2026-01-30 20:01
Summary
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5302B0F0-AF2D-4140-BC66-9186EF7E455D",
"versionEndExcluding": "7.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DA8362-52A2-4ACC-83F7-CA2E77AE89C6",
"versionEndExcluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default)."
},
{
"lang": "es",
"value": "Suricata es un motor IDS, IPS y NSM de red. Antes de las versiones 8.0.3 y 7.0.14, el tr\u00e1fico especialmente dise\u00f1ado puede hacer que Suricata consuma grandes cantidades de memoria mientras analiza el tr\u00e1fico DNP3. Esto puede provocar que el proceso se ralentice y se quede sin memoria, lo que podr\u00eda llevar a que sea terminado por el OOM killer. Las versiones 8.0.3 o 7.0.14 contienen un parche. Como soluci\u00f3n alternativa, deshabilite el analizador DNP3 en el suricata yaml (deshabilitado por defecto)."
}
],
"id": "CVE-2026-22259",
"lastModified": "2026-01-30T20:01:49.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-27T17:16:12.407",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://redmine.openinfosecfoundation.org/issues/8181"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.