Description
Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `response-body-limit`.
Published: 2026-01-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The flaw is an infinite recursion triggered during HTTP decompression, causing a stack overflow that crashes Suricata. As the CVE description does not specify the exact input that triggers the recursion, it is inferred that malformed or specially crafted HTTP traffic could invoke the recursive decompression path, leading to an application crash and denial of service. The issue is rooted in unchecked recursion (CWE-674) and memory overwrite (CWE-787).

Affected Systems

OISF Suricata network IDS/IPS versions 8.0.0 through 8.0.2. The problem exists in all builds covering the http1 module during decompression, and the fix was applied in release 8.0.3.

Risk and Exploitability

The CVSS rating of 7.5 indicates a high severity level for this vulnerability. The EPSS score of < 1% suggests a low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. The CVE statement does not detail the attack vector, so the specific conditions under which the recursion can be triggered remain unspecified.

Generated by OpenCVE AI on April 18, 2026 at 14:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Suricata to version 8.0.3 or later to apply the stack-overflow fix.
  • If an upgrade is temporarily infeasible, configure Suricata to use the default `request-body-limit` and `response-body-limit` settings, which prevent the decompression routine from receiving oversized payloads that trigger the recursion.
  • Place Suricata behind a firewall or reverse proxy that filters or limits HTTP traffic to reduce the chance of malicious requests reaching the engine.
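To make the workaround concrete, the excerpt below (an added example, not OpenCVE or OISF text) shows where the two limits live in suricata.yaml. The 100KiB values are assumed to be the shipped defaults, so confirm them against the suricata.yaml that ships with your release; the server-config entry and its address are constructed to show that per-server overrides must be audited as well.

```yaml
# suricata.yaml (excerpt) -- added example, not the vendor's advisory text.
# Assumption: the shipped suricata.yaml sets both limits to 100KiB; verify
# against the copy that ships with your Suricata release.
app-layer:
  protocols:
    http:
      enabled: yes
      libhtp:
        default-config:
          personality: IDS
          # Workaround for CVE-2026-22260: leave both at the shipped default.
          # Suricata treats 0 as "no limit", so 0 is also a non-default value.
          request-body-limit: 100KiB
          response-body-limit: 100KiB

        # A server-config entry that sets its own limits overrides
        # default-config for the listed hosts, so review these blocks too.
        # Constructed example; 192.0.2.10 is a documentation placeholder.
        server-config:
          - apache:
              address: [192.0.2.10]
              personality: Apache_2
              request-body-limit: 100KiB
              response-body-limit: 100KiB
```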


Advisories

No advisories yet.

History

Thu, 29 Jan 2026 21:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-787
CPEs | | cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Wed, 28 Jan 2026 12:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Oisf; Oisf suricata
Vendors & Products | | Oisf; Oisf suricata

Tue, 27 Jan 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 17:45:00 +0000

Type | Values Removed | Values Added
Description | | Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `response-body-limit`.
Title | | Suricata http1: infinite recursion in decompression
Weaknesses | | CWE-674
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-27T17:57:27.806Z

Reserved: 2026-01-07T05:19:12.922Z

Link: CVE-2026-22260

Vulnrichment

Updated: 2026-01-27T17:57:07.945Z

NVD

Status: Analyzed

Published: 2026-01-27T18:15:55.383

Modified: 2026-01-29T21:03:54.520

Link: CVE-2026-22260

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses