Description
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
Published: 2026-04-02
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Performance Degradation (potential DoS)
Action: Apply patch
AI Analysis

Impact

Suricata's DCERPC buffering routine contains a quadratic complexity path that can be triggered by specially crafted DCERPC packets. When an attacker sends a large or malformed request, the buffering routine may consume excessive CPU cycles, temporarily halting or slowing other network inspection tasks. This can lead to a denial of service for the sensor. The weakness is classified as inefficient algorithmic complexity (CWE-407).

Affected Systems

The issue affects OISF Suricata deployments built before version 7.0.15. Versions 7.0.15 and later contain the fix that removes the inefficient buffering code. If you are running an older build, consider it impacted until the patch is applied.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity vulnerability. Exploit probability data is not publicly disclosed. The vulnerability is not listed in the known exploited vulnerabilities catalog. The likely attack vector is network‑based: a remote attacker can send malicious DCERPC traffic to trigger the inefficiency, resulting in resource exhaustion and service degradation.

Generated by OpenCVE AI on April 2, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Suricata to version 7.0.15 or later
  • If upgrading is delayed, restrict or block DCERPC traffic at the network perimeter
  • Continuously monitor CPU usage and Suricata logs for signs of abnormal performance degradation

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 01:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-770
References | |
Metrics | threat_severity: None | threat_severity: Important


Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Oisf; Oisf suricata
Vendors & Products | | Oisf; Oisf suricata

Thu, 02 Apr 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | | Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
Title | | Suricata dcerpc: quadratic complexity in dcerpc buffering
Weaknesses | | CWE-407
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-02T14:38:22.496Z

Reserved: 2026-03-10T15:10:10.654Z

Link: CVE-2026-31937

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-02T15:16:37.847

Modified: 2026-04-02T15:16:37.847

Link: CVE-2026-31937

Redhat

Severity: Important

Public Date: 2026-04-02T14:38:22Z

Links: CVE-2026-31937 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-02T20:20:56Z

Weaknesses