Description
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.
Published: 2026-04-02
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Denial of Service via memory exhaustion
Action: Patch Now
AI Analysis

Impact

An attacker whose traffic is inspected by a Suricata engine can send a flood of crafted HTTP/2 CONTINUATION frames that the HTTP/2 application-layer parser accumulates without bound. On a passive sensor the packets need only traverse the monitored segment; on an inline IPS they need only be forwarded through it; the sensor itself does not have to be addressable. Memory grows until the operating system terminates the Suricata process (on Linux, typically via the out-of-memory killer), so network monitoring and intrusion detection stop until the service is restarted. The result is a denial of service against the sensor, not against the hosts it protects.

Affected Systems

The issue affects the Open Information Security Foundation's Suricata network IDS, IPS, and NSM engine. Every release before 7.0.15 on the 7.0 branch and before 8.0.4 on the 8.0 branch is affected; older, unsupported branches predate both fixes and are affected as well. Operators running those releases on any platform are at risk.

Risk and Exploitability

The CVSS 3.1 base score of 7.5 (High) comes from a network attack vector with low complexity, no privileges and no user interaction, with impact confined to availability (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). No EPSS score is available yet, and the vulnerability is not listed in the CISA KEV catalog; the SSVC assessment records Exploitation: none, Automatable: yes, Technical Impact: partial. No public exploit is known, but a flood of crafted frames is cheap to generate and easy to automate, so the practical likelihood of a simple denial of service against sensors that inspect untrusted HTTP/2 traffic remains significant.

Generated by OpenCVE AI on April 2, 2026 at 15:20 UTC.

Remediation

Fixed upstream in Suricata 7.0.15 and 8.0.4, as stated in the CVE description. No separate vendor workaround is listed on this page.

OpenCVE Recommended Actions

  • Upgrade Suricata to version 7.0.15 or later on the 7.0 branch, or 8.0.4 or later on the 8.0 branch; installations on older, unsupported branches need to move to one of these fixed releases.
  • Restart the Suricata service after the upgrade and confirm the running build with suricata -V, since a package upgrade alone leaves the old process in memory.
  • Monitor the Suricata process's resident memory and the host's OOM-killer log for abnormal growth or unexpected restarts, which are the observable signatures of an attempt to trigger this flaw.
  • If an upgrade cannot be performed immediately, reduce the exposed surface rather than relying on perimeter filtering: a firewall cannot tell crafted CONTINUATION frames from legitimate HTTP/2 at the packet level, and a passive sensor on a tap or SPAN port sees whatever the monitored segment carries regardless of what the sensor host accepts. Practical options are to exclude untrusted HTTP/2 flows from what is mirrored to the sensor, or to disable the HTTP/2 application-layer parser in suricata.yaml (the app-layer.protocols.http2.enabled key from the stock configuration; this key is the editor's note, not something documented on this page) at the cost of losing HTTP/2 visibility until the patched release is deployed.
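A fleet check for the first two actions, as an added example (written for this page, not code from OpenCVE or the Suricata project): it parses the banner that suricata -V prints and decides, per release branch, whether the build predates the fix. The fixed versions come from the CVE description; the banner format ("This is Suricata version X.Y.Z RELEASE") and the treatment of branches newer than 8.0 as fixed are assumptions.

```python
"""Flag Suricata builds that predate the CVE-2026-31935 fix.

Added example, not part of the OpenCVE page or the Suricata project.
Fixed releases (7.0.15, 8.0.4) are from the CVE description. The banner
format matched below is assumed to be what `suricata -V` prints; branches
newer than 8.0 are assumed to have been cut after the fix.
"""
import re
import subprocess

# release branch -> first fixed release on that branch (from the CVE text)
FIXED = {(7, 0): (7, 0, 15), (8, 0): (8, 0, 4)}
NEWEST_FIXED_BRANCH = max(FIXED)

BANNER_RE = re.compile(r"Suricata version (\d+)\.(\d+)\.(\d+)")

# Constructed sample banners for offline use (not captured from real hosts).
SAMPLE_BANNERS = [
    "This is Suricata version 7.0.14 RELEASE",
    "This is Suricata version 7.0.15 RELEASE",
    "This is Suricata version 8.0.3 RELEASE",
    "This is Suricata version 6.0.20 RELEASE",
]


def parse_version(banner: str) -> tuple:
    """Extract (major, minor, patch) from a `suricata -V` banner."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised Suricata banner: {banner!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: tuple) -> bool:
    """True if this release predates the fix on its branch.

    Tuple comparison handles the per-branch cut-off; a plain
    `version < (8, 0, 4)` would wrongly flag 7.0.15 as vulnerable."""
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    if branch < NEWEST_FIXED_BRANCH:
        # 6.x and anything older predates both fixed releases.
        return True
    # Assumption: branches newer than 8.0 ship with the fix.
    return False


def check_banner(banner: str) -> str:
    v = parse_version(banner)
    status = "VULNERABLE" if is_vulnerable(v) else "fixed"
    return f"Suricata {'.'.join(map(str, v))}: {status}"


def check_installed() -> str:
    """Run the locally installed binary and classify it."""
    out = subprocess.run(
        ["suricata", "-V"], capture_output=True, text=True, check=True
    ).stdout
    return check_banner(out)


if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(check_banner(b))
```

Run it on each sensor after the restart, not just after the package upgrade; check_installed() reports what the binary on disk is, so compare it with the version in the running process's own startup log if the service was not restarted.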


Tracking


Advisories

No advisories yet.

History

Fri, 03 Apr 2026 01:30:00 +0000
  References: updated
  Metrics (threat_severity): None -> Important

Thu, 02 Apr 2026 20:30:00 +0000
  First Time appeared: Oisf; Oisf suricata
  Vendors & Products: added Oisf; Oisf suricata
  Metrics (ssvc): added {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 14:45:00 +0000
  Description: added "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4."
  Title: added "Suricata http2: unbounded resource consumption"
  Weaknesses: added CWE-400, CWE-770
  References: added
  Metrics (cvssV3_1): added {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-02T18:42:31.423Z

Reserved: 2026-03-10T15:10:10.654Z

Link: CVE-2026-31935

Vulnrichment

Updated: 2026-04-02T18:42:27.210Z

NVD

Status : Received

Published: 2026-04-02T15:16:37.657

Modified: 2026-04-02T15:16:37.657

Link: CVE-2026-31935

Redhat

Severity : Important

Public Date: 2026-04-02T14:36:44Z

Links: CVE-2026-31935 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-02T20:20:57Z

Weaknesses