{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31933", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:03:35.917Z", "dateUpdated": "2026-04-02T14:03:35.917Z"}, "containers": {"cna": {"title": "Suricata stream: quadratic complexity in stream inspection", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8272", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8272"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:03:35.917Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4."}], "source": {"advisory": "GHSA-hvp5-gpr6-j4gp", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4."}], "id": "CVE-2026-31933", "lastModified": "2026-04-02T14:16:28.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T14:16:28.930", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/8272"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-02T15:22:21.448607+00:00", "value": {"mitigation_remediation": ["Apply the latest Suricata patch (7.0.15 or 8.0.4) to eliminate the quadratic complexity bug.", "Verify that the upgraded version is running and that system resource usage has returned to normal levels.", "Continue to monitor network traffic and IDS performance for any abnormal slowdown after the update."], "summary": {"action": "Patch", "impact": "Denial of Service (Performance Degradation)"}, "threat_synthesis": {"affected_systems": "The flaw affects the Open Information Security Foundation\u2019s Suricata network IDS, IPS, and NSM solution. Versions older than 7.0.15 and 8.0.4 are susceptible. All deployments running those versions are at risk until the patch is applied.", "description_and_impact": "The vulnerability in Suricata\u2019s stream inspection module introduces a quadratic time complexity that can be triggered by specially crafted traffic. This results in excessive CPU and memory usage, leading to significant performance degradation and potential denial of service when the IDS is operational. The weakness is classified as CWE\u2011407, a logic error that allows an attacker to cause resource exhaustion.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity impact. Because the EPSS score is not available and the vulnerability is not listed in CISA's KEV catalog, the current likelihood of exploitation is uncertain but the potential damage is significant. The attack vector is inferred to be through network traffic that contains specially crafted packets, allowing an adversary to remotely trigger the quadratic processing overhead without requiring local privileges."}}}}, "created": "2026-04-02T20:12:22.078311+00:00", "updated": "2026-04-02T20:21:02.621082+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}