Description
Suricata is a network IDS, IPS and NSM engine. While saving a dataset, a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with the dataset `save` or `state` options.
Published: 2026-01-27
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stack‑based buffer overflow in Suricata dataset saving
Action: Apply patch
AI Analysis

Impact

When Suricata saves a dataset, it uses a stack buffer to assemble the data. In versions older than 8.0.3 and 7.0.14, a dataset whose data exceeds the buffer capacity triggers a stack overflow. The overflow can corrupt memory used by Suricata, leading to unpredictable program behavior or crashes. The flaw is classified as CWE‑121 (Stack-based Buffer Overflow) and CWE‑787 (Out-of-bounds Write).

Affected Systems

The vulnerability affects OISF Suricata versions 7.0.0 through 7.0.13 and 8.0.0 through 8.0.2. Versions 7.0.14 and 8.0.3 include the fix; other releases are not known to be affected.

Risk and Exploitability

The CVSS score of 5.9 reflects moderate severity, while the EPSS score of less than 1 % indicates a very low likelihood of exploitation at present. Suricata is not listed in CISA KEV, so no widespread exploitation is documented. The most likely attack vector requires local access to configure or supply rule datasets, but could also be remote if the dataset is influenced by external inputs.

Generated by OpenCVE AI on April 18, 2026 at 18:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Suricata to version 8.0.3 or later, or to 7.0.14 or later if staying on the 7.x branch, to apply the official fix.
  • Avoid using the dataset options that trigger a save or state action until the patch is applied; this is the documented workaround.
  • If upgrading immediately is not feasible, reduce dataset size or remove large entries so that the data remains below the stack buffer capacity, thereby preventing overflow.
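
An added example (not from the CVE record or the Suricata project): a small Python audit that lists enabled rules whose `dataset` keyword carries a `save` or `state` option, which is what the workaround says to avoid until the upgrade is done. The sample rules, dataset names, file names and SIDs are constructed for illustration.

```python
import re

# Captures the comma-separated arguments of each `dataset:` keyword in a rule.
DATASET_KW = re.compile(r'\bdataset\s*:\s*([^;]*);')
RISKY_OPTIONS = ("save", "state")  # the options named in the workaround

# Constructed sample rules (names, files and SIDs are illustrative only).
SAMPLE_RULES = r'''
alert http any any -> any any (msg:"new UA"; http.user_agent; dataset:set,ua-seen,type string,save ua-seen.lst; sid:1000001; rev:1;)
alert dns any any -> any any (msg:"dns seen"; dns.query; \
    dataset:set,dns-seen,type string,state dns-seen.lst; sid:1000002; rev:1;)
alert http any any -> any any (msg:"bad UA"; http.user_agent; dataset:isset,ua-bad,type string,load ua-bad.lst; sid:1000003; rev:1;)
# alert http any any -> any any (msg:"off"; http.user_agent; dataset:set,ua-old,type string,save ua-old.lst; sid:1000004; rev:1;)
'''

def logical_lines(text):
    """Yield (first_line_no, rule_text), joining backslash-continued lines."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def audit_rules(text):
    """Return (line_no, sid, dataset_name, option) for enabled rules using save/state."""
    findings = []
    for no, rule in logical_lines(text):
        if not rule.strip() or rule.lstrip().startswith("#"):
            continue  # blank line or disabled rule
        sid_match = re.search(r'\bsid\s*:\s*(\d+)\s*;', rule)
        sid = int(sid_match.group(1)) if sid_match else None
        for kw in DATASET_KW.finditer(rule):
            args = [a.strip() for a in kw.group(1).split(",")]
            name = args[1] if len(args) > 1 else "?"
            for arg in args[2:]:
                if arg.split(" ", 1)[0].lower() in RISKY_OPTIONS:
                    findings.append((no, sid, name, arg))
    return findings

if __name__ == "__main__":
    for line_no, sid, name, option in audit_rules(SAMPLE_RULES):
        print(f"line {line_no}: sid {sid} dataset '{name}' uses '{option}'")
```

The audit only inspects rule text; datasets declared elsewhere in the configuration are not covered.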

Advisories

No advisories yet.

History

Thu, 29 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Wed, 28 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Oisf
Oisf suricata
Vendors & Products Oisf
Oisf suricata

Wed, 28 Jan 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 27 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 27 Jan 2026 18:45:00 +0000

Type Values Removed Values Added
Description Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options.
Title Suricata datasets: stack overflow when saving a set
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-27T19:30:42.782Z

Reserved: 2026-01-07T05:19:12.923Z

Link: CVE-2026-22262

Vulnrichment

Updated: 2026-01-27T19:30:08.868Z

NVD

Status: Analyzed

Published: 2026-01-27T19:16:14.340

Modified: 2026-01-29T21:01:55.213

Link: CVE-2026-22262

Redhat

Severity: Moderate

Public Date: 2026-01-27T18:18:52Z

Links: CVE-2026-22262 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T19:00:08Z

Weaknesses