Description
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via performance degradation
Action: Patch Update
AI Analysis

Impact

Suricata, a network IDS, IPS and NSM engine, suffers from quadratic processing complexity in its stream inspection routine. When an attacker sends specially crafted traffic, the engine's packet handling slows dramatically, reducing throughput and potentially causing the IDS to fall behind legitimate traffic. This weakness corresponds to resource exhaustion and poor input handling, allowing an attacker to deplete processing resources.

Affected Systems

All versions of OISF Suricata prior to 7.0.15 and 8.0.4 are affected. Users of the 7.x line must upgrade to 7.0.15 or later; users of the 8.x line must upgrade to 8.0.4 or later to receive the fix.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity impact on availability. The EPSS score is less than 1%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation can be achieved by an attacker who can inject crafted traffic into the network stream observed by Suricata. No special privileges or local access are required; the attack vector is a remote network-based injection. Successful exploitation results in degraded performance or a denial of service. No workaround is available beyond applying the patch.

Generated by OpenCVE AI on April 7, 2026 at 23:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Suricata to version 7.0.15 or later for the 7.x line, or to 8.0.4 or later for the 8.x line; this patch removes the quadratic complexity.
  • Restart the Suricata service to load the updated binary.
  • Verify that the running Suricata version matches the patched release by checking the version output or logs.
  • Ensure that every node in your Suricata deployment is updated to the patched version to maintain consistent protection.

Generated by OpenCVE AI on April 7, 2026 at 23:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Oisf
Oisf suricata
Vendors & Products Oisf
Oisf suricata

Thu, 02 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.
Title Suricata stream: quadratic complexity in stream inspection
Weaknesses CWE-407
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oisf Suricata
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T16:01:09.310Z

Reserved: 2026-03-10T15:10:10.654Z

Link: CVE-2026-31933

cve-icon Vulnrichment

Updated: 2026-04-03T16:00:59.307Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T14:16:28.930

Modified: 2026-04-07T18:30:03.053

Link: CVE-2026-31933

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-02T14:03:35Z

Links: CVE-2026-31933 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:56:23Z

Weaknesses