Description
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (performance degradation) due to inefficient DCERPC buffering
Action: Patch
AI Analysis

Impact

Suricata, a network intrusion detection and prevention engine, contains a quadratic time complexity bug in its DCERPC buffering code. The flaw can cause significant slowdowns when handling DCERPC traffic, leading to degraded performance or a denial‑of‑service condition. The weakness is a resource exhaustion issue, classified as CWE-407 (Inefficient Algorithmic Complexity) and CWE-770 (Allocation of Resources Without Limits or Throttling).

Affected Systems

The vulnerability affects the OISF Suricata product. All releases prior to version 7.0.15 are impacted; version 7.0.15 and later contain a fix that removes the inefficient buffering logic.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity vulnerability, yet the EPSS score is below 1% and it is not listed in the CISA KEV catalog, suggesting low current exploitation activity. A likely attack vector would involve a remote attacker sending crafted DCERPC packets through the network to the Suricata instance, triggering the quadratic buffering routine and exhausting CPU resources. Without mitigation, an attacker could force the IDS into a state of reduced responsiveness, impacting network monitoring and potentially allowing other malicious traffic to pass undetected.

Generated by OpenCVE AI on April 7, 2026 at 23:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Suricata to version 7.0.15 or newer to apply the patch that removes the quadratic buffering bug.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

threat_severity

Important


Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Oisf
Oisf suricata
Vendors & Products Oisf
Oisf suricata

Thu, 02 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Description Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
Title Suricata dcerpc: quadratic complexity in dcerpc buffering
Weaknesses CWE-407
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T15:59:28.970Z

Reserved: 2026-03-10T15:10:10.654Z

Link: CVE-2026-31937

Vulnrichment

Updated: 2026-04-03T15:59:04.872Z

NVD

Status: Analyzed

Published: 2026-04-02T15:16:37.847

Modified: 2026-04-07T21:19:57.280

Link: CVE-2026-31937

Redhat

Severity: Important

Public Date: 2026-04-02T14:38:22Z

Links: CVE-2026-31937 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:56:20Z

Weaknesses