CVE-2026-22259
Publication date 27 January 2026
Last updated 28 January 2026
Ubuntu priority
Description
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| suricata | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-22259
- https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9
- https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e (suricata-8.0.3)
- https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942 (suricata-7.0.14)
- https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e
- https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942
- https://redmine.openinfosecfoundation.org/issues/8181