CVE-2026-22259
HIGH severity · CVSS 7.5 · Uncontrolled resource consumption
7.5CVSS HIGH
Summary
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactHigh
Exploit probability (EPSS)1%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e ↗
Additional information
- NVD record
- https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7ePatch
- https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942Patch
- https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9Patch
- https://redmine.openinfosecfoundation.org/issues/8181