{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22262", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-07T05:19:12.923Z", "datePublished": "2026-01-27T18:18:52.922Z", "dateUpdated": "2026-01-27T19:30:42.782Z"}, "containers": {"cna": {"title": "Suricata datasets: stack overflow when saving a set", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86"}, {"name": "https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf"}, {"name": "https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1"}, {"name": "https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb"}, {"name": "https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521"}, {"name": "https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658"}, {"name": "https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8110", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8110"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.14", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-27T18:18:52.922Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options."}], "source": {"advisory": "GHSA-9qg5-2gwh-xp86", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T19:29:40.963947Z", "id": "CVE-2026-22262", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T19:30:42.782Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T19:29:40.963947Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T19:30:08.868Z"}}], "cna": {"title": "Suricata datasets: stack overflow when saving a set", "source": {"advisory": "GHSA-9qg5-2gwh-xp86", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"status": "affected", "version": "< 7.0.14"}, {"status": "affected", "version": ">= 8.0.0, < 8.0.3"}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86", "name": "https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf", "name": "https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1", "name": "https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb", "name": "https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521", "name": "https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658", "name": "https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90", "name": "https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90", "tags": ["x_refsource_MISC"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8110", "name": "https://redmine.openinfosecfoundation.org/issues/8110", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-27T18:18:52.922Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22262", "state": "PUBLISHED", "dateUpdated": "2026-01-27T19:30:42.782Z", "dateReserved": "2026-01-07T05:19:12.923Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-27T18:18:52.922Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "5302B0F0-AF2D-4140-BC66-9186EF7E455D", "versionEndExcluding": "7.0.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7DA8362-52A2-4ACC-83F7-CA2E77AE89C6", "versionEndExcluding": "8.0.3", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options."}], "id": "CVE-2026-22262", "lastModified": "2026-01-29T21:01:55.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-27T19:16:14.340", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required"], "url": "https://redmine.openinfosecfoundation.org/issues/8110"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "suricata: Suricata: Denial of service due to stack overflow when saving large datasets", "id": "2433479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433479"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["A flaw was found in Suricata, a network intrusion detection/prevention system (IDS/IPS). When saving a dataset, the system uses a stack buffer to process the data. If an attacker provides excessively large data within a dataset, it can cause a stack overflow. This vulnerability could lead to a denial of service, making the system unavailable."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid using rules with the `save` or `state` options for datasets in Suricata configurations. Disabling these specific dataset options prevents the vulnerable code path from being exercised, thereby eliminating the risk of a stack overflow. A restart of the Suricata service may be required for the changes to take effect."}, "name": "CVE-2026-22262", "public_date": "2026-01-27T18:18:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-22262\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-22262\nhttps://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf\nhttps://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1\nhttps://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb\nhttps://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521\nhttps://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658\nhttps://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90\nhttps://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86\nhttps://redmine.openinfosecfoundation.org/issues/8110"], "statement": "The vulnerability in Suricata, rated as MODERATE, involves a stack overflow when saving a dataset if the data exceeds the allocated buffer size. This flaw affects Suricata versions prior to 8.0.3 and 7.0.14. Red Hat customers running affected versions of Suricata are impacted if their intrusion detection rules utilize the `save` or `state` options with datasets, which can lead to a denial of service.", "threat_severity": "Moderate"}

{"created": "2026-01-28T12:22:09.775622+00:00", "updated": "2026-01-28T12:22:09.775649+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}