{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31932", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:02:40.205Z", "dateUpdated": "2026-04-02T18:33:25.016Z"}, "containers": {"cna": {"title": "Suricata krb5: quadratic complexity in krb5 buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8305", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:02:40.205Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "source": {"advisory": "GHSA-rp9m-jcpw-hggr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:33:08.564205Z", "id": "CVE-2026-31932", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:33:25.016Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31932", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:02:40.205Z", "dateUpdated": "2026-04-02T18:33:25.016Z"}, "containers": {"cna": {"title": "Suricata krb5: quadratic complexity in krb5 buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8305", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:02:40.205Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "source": {"advisory": "GHSA-rp9m-jcpw-hggr", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31932", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T18:33:08.564205Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:33:14.922Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E0D4CF4-11E0-4FB1-9C17-F38257D376ED", "versionEndExcluding": "7.0.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "F35C5A48-CA30-43B3-9E53-D3E51C862604", "versionEndExcluding": "8.0.4", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "id": "CVE-2026-31932", "lastModified": "2026-04-07T18:29:05.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T14:16:28.763", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Suricata: Suricata: Denial of Service due to inefficiency in KRB5 buffering", "id": "2454367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454367"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. An attacker can exploit an inefficiency in the Kerberos 5 (KRB5) buffering mechanism by sending specially crafted network traffic. This can lead to significant performance degradation, effectively causing a Denial of Service (DoS) for the affected system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-31932", "public_date": "2026-04-02T14:02:40Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31932\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31932\nhttps://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr\nhttps://redmine.openinfosecfoundation.org/issues/8305"], "statement": "This Important flaw in Suricata, a network intrusion detection and prevention system, stems from an inefficiency in its Kerberos 5 (KRB5) buffering mechanism. An unauthenticated attacker can send specially crafted network traffic to a system running Suricata, leading to significant performance degradation and a denial of service. This affects Suricata deployments within Red Hat Community Projects.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-07T21:43:55.204354+00:00", "value": {"mitigation_remediation": ["Upgrade Suricata to version 7.0.15 or newer, or 8.0.4 or newer", "Monitor system performance for signs of degradation"], "summary": {"action": "Patch", "impact": "Denial of Service via performance degradation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the OISF Suricata product. All releases before 7.0.15 and 8.0.4 are impacted. Versions 7.0.15 and above, as well as 8.0.4 and later, contain the fix and are not affected.", "description_and_impact": "Suricata, a network IDS/IPS, contains an inefficiency in its Kerberos5 buffering routine that can grow quadratically with the amount of traffic. An attacker who can force the IDS to process large volumes of Kerberos traffic can cause the system to slow dramatically or become overwhelmed, leading to a denial of legitimate network traffic. The flaw is a classic resource exhaustion problem, categorized as CWE\u2011407 and CWE\u2011770. No arbitrary code execution is possible.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity. The EPSS score of less than 1\u202f% suggests that exploitation is not yet common, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote: an adversary can send crafted Kerberos packets into the network to trigger the quadratic buffering behavior. Because the issue is purely an efficiency bug, an attacker can only degrade performance rather than gain direct access to the system."}}}}, "created": "2026-04-02T20:12:22.971492+00:00", "updated": "2026-04-08T19:56:24.775765+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}