Description
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Suricata versions before 7.0.15 and 8.0.4 are vulnerable to an unbounded resource consumption flaw that can be triggered by flooding the engine with crafted HTTP/2 continuation frames. When these frames are processed, the software allocates memory without proper bounds checks, eventually exhausting available heap space. This shortage usually causes the operating system to kill the Suricata process, resulting in a loss of network monitoring and intrusion detection capabilities. The weakness maps to CWE-400 (Uncontrolled Resource Consumption) and CWE-770 (Allocation of Resources on Demand).

Affected Systems

The impacted vendor is the Open Information Security Foundation, whose Suricata network IDS, IPS, and NSM product is affected. All releases preceding versions 7.0.15 and 8.0.4 are vulnerable; deployments running these unpatched builds are at risk while analyzing HTTP/2 traffic.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score is below 1%, implying that widespread exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need network access to a Suricata instance and would send a crafted stream of HTTP/2 continuation frames to trigger the memory exhaustion. Successful exploitation results in service interruption rather than code execution.

Generated by OpenCVE AI on April 7, 2026 at 23:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Suricata to version 7.0.15 or later, or to 8.0.4 or later if running an 8.x release.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 21:30:00 +0000

  • CPEs, values added: cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 01:30:00 +0000

  • References: updated (no values listed)
  • Metrics threat_severity, values removed: None; values added: Important


Thu, 02 Apr 2026 20:30:00 +0000

  • First Time appeared, values added: Oisf; Oisf suricata
  • Vendors & Products, values added: Oisf; Oisf suricata
  • Metrics ssvc, values added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Apr 2026 14:45:00 +0000

  • Description, values added: Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.
  • Title, values added: Suricata http2: unbounded resource consumption
  • Weaknesses, values added: CWE-400; CWE-770
  • References: updated (no values listed)
  • Metrics cvssV3_1, values added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-02T18:42:31.423Z

Reserved: 2026-03-10T15:10:10.654Z

Link: CVE-2026-31935

Vulnrichment

Updated: 2026-04-02T18:42:27.210Z

NVD

Status: Analyzed

Published: 2026-04-02T15:16:37.657

Modified: 2026-04-07T21:20:24.760

Link: CVE-2026-31935

Redhat

Severity: Important

Public Date: 2026-04-02T14:36:44Z

Links: CVE-2026-31935 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:56:21Z

Weaknesses