CVE-2026-31935: Uncontrolled Resource Consumption in Suricata

Severity
7.5 HIGH (NVD)
EPSS
0.1%
top 83.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 2
Latest update: Apr 3

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5  oisf/suricata  < 7.0.15  +1
NVD  oisf/suricata  8.0.0  8.0.4  +1
Debian  oisf/suricata  < 1:8.0.4-1

🔴 Vulnerability Details (3)

OSV
CVE-2026-31935: Suricata is a network IDS, IPS and NSM engine (2026-04-03)
CVEList
Suricata http2: unbounded resource consumption (2026-04-02)
OSV
CVE-2026-31935: Suricata is a network IDS, IPS and NSM engine (2026-04-02)

📋 Vendor Advisories (2)

Red Hat
Suricata: Suricata: Denial of Service via HTTP2 continuation frame flooding (2026-04-02)
Debian
CVE-2026-31935: suricata - Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0....2026

🕵️ Threat Intelligence (13)

Wiz
CVE-2026-22262 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-22264 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-31937 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-31935 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-31932 Impact, Exploitability, and Mitigation Steps | Wiz