{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31933", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:03:35.917Z", "dateUpdated": "2026-04-03T16:01:09.310Z"}, "containers": {"cna": {"title": "Suricata stream: quadratic complexity in stream inspection", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8272", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8272"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:03:35.917Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4."}], "source": {"advisory": "GHSA-hvp5-gpr6-j4gp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T16:00:34.285774Z", "id": "CVE-2026-31933", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T16:01:09.310Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31933", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T16:00:34.285774Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T16:00:59.307Z"}}], "cna": {"title": "Suricata stream: quadratic complexity in stream inspection", "source": {"advisory": "GHSA-hvp5-gpr6-j4gp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"status": "affected", "version": "< 7.0.15"}, {"status": "affected", "version": ">= 8.0.0, < 8.0.4"}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp", "name": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8272", "name": "https://redmine.openinfosecfoundation.org/issues/8272", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:03:35.917Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31933", "state": "PUBLISHED", "dateUpdated": "2026-04-03T16:01:09.310Z", "dateReserved": "2026-03-10T15:10:10.654Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T14:03:35.917Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4."}], "id": "CVE-2026-31933", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T14:16:28.930", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/8272"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Suricata: Suricata: Denial of Service due to specially crafted network traffic", "id": "2454375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454375"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. A remote attacker can exploit this vulnerability by sending specially crafted network traffic. This can cause Suricata to slow down significantly, leading to a denial of service (DoS) in IDS mode, which impacts the system's ability to detect and prevent threats."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-31933", "public_date": "2026-04-02T14:03:35Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31933\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31933\nhttps://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp\nhttps://redmine.openinfosecfoundation.org/issues/8272"], "statement": "This is an Important denial of service vulnerability in Suricata, a network Intrusion Detection System (IDS). Specially crafted network traffic can cause Suricata to experience significant performance degradation when operating in IDS mode. This can impair the system's ability to effectively detect and prevent threats in Red Hat environments where Suricata is deployed.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-03T03:21:48.132020+00:00", "value": {"mitigation_remediation": ["Update Suricata to version 7.0.15 or later, or 8.0.4 or later"], "summary": {"action": "Patch Immediately", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Suricata releases before version 7.0.15 and 8.0.4 from the Open Information Security Foundation. Any deployment of these earlier builds in IDS or IPS mode that receives crafted traffic is potentially impacted.", "description_and_impact": "Suricata, a network intrusion detection and prevention engine, contains a flaw where a specially crafted data stream forces the stream inspection component to perform a quadratic number of operations, causing the engine to slow down dramatically. This excessive processing leads to degraded throughput and may render an IDS instance unresponsive, effectively denying service to legitimate traffic. The weakness corresponds to both inefficient resource usage (CWE-407) and potential denial of service (CWE-770).", "risk_and_exploitability": "The CVSS base score of 7.5 indicates high severity. No EPSS score is available, and the issue is not yet catalogued in the CISA KEV list. The simplest attack vector involves sending tailored packets that trigger the quadratic path; no exploit code is publicly documented, but the impact is observable as a noticeable performance loss in affected systems."}}}}, "created": "2026-04-02T20:12:22.078311+00:00", "updated": "2026-04-03T09:18:44.950582+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}