{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31934", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:21:08.207Z", "dateUpdated": "2026-04-02T15:00:49.250Z"}, "containers": {"cna": {"title": "Suricata smtp/mine: quadratic complexity in extracting urls", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8292", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8292"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:21:08.207Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4."}], "source": {"advisory": "GHSA-hr89-h2pp-f3c8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:00:40.229823Z", "id": "CVE-2026-31934", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:00:49.250Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T15:00:40.229823Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:00:44.719Z"}}], "cna": {"title": "Suricata smtp/mine: quadratic complexity in extracting urls", "source": {"advisory": "GHSA-hr89-h2pp-f3c8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"status": "affected", "version": ">= 8.0.0, < 8.0.4"}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8", "name": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8292", "name": "https://redmine.openinfosecfoundation.org/issues/8292", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:21:08.207Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31934", "state": "PUBLISHED", "dateUpdated": "2026-04-02T15:00:49.250Z", "dateReserved": "2026-03-10T15:10:10.654Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T14:21:08.207Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "F35C5A48-CA30-43B3-9E53-D3E51C862604", "versionEndExcluding": "8.0.4", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4."}], "id": "CVE-2026-31934", "lastModified": "2026-04-07T21:20:09.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:37.440", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://redmine.openinfosecfoundation.org/issues/8292"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Suricata: Suricata: Denial of Service via quadratic complexity in URL search of MIME-encoded SMTP messages", "id": "2454374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454374"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1333", "details": ["A flaw was found in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. A remote attacker could exploit a quadratic complexity issue when searching for URLs in MIME-encoded messages over SMTP. This could lead to a significant performance impact, potentially causing a Denial of Service (DoS) condition for the affected system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-31934", "public_date": "2026-04-02T14:21:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31934\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31934\nhttps://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8\nhttps://redmine.openinfosecfoundation.org/issues/8292"], "statement": "This Important flaw in Suricata affects versions 8.0.0 through 8.0.3. A remote attacker can trigger a Denial of Service by sending specially crafted MIME-encoded SMTP messages, leading to a quadratic complexity issue during URL processing. This can significantly degrade performance and impact the availability of the Suricata engine.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-07T23:34:34.034283+00:00", "value": {"mitigation_remediation": ["Apply the official patch by updating to Suricata version 8.0.4 or later", "If an upgrade is not immediately possible, limit the volume of SMTP traffic processed by Suricata to reduce the impact of the quadratic operation", "Monitor CPU and memory metrics for Suricata during periods of high SMTP traffic and consider temporarily disabling URL extraction if performance degrades"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (performance degradation)"}, "threat_synthesis": {"affected_systems": "The issue affects the OISF Suricata product, specifically versions 8.0.0 through 8.0.3. Users running any of these releases should verify that their deployment is affected and plan to upgrade.", "description_and_impact": "A quadratic complexity issue exists in Suricata\u2019s smtp/mine component when extracting URLs from MIME-encoded SMTP messages. The flaw can cause excessive CPU usage and memory consumption, leading to degraded performance or a denial of service on the affected system. The weakness is classified as CWE\u20111333 (Excessive Computation) and CWE\u2011407 (Improper Resource Management).", "risk_and_exploitability": "With a CVSS score of 7.5, the vulnerability is considered high severity. The EPSS score is below 1%, indicating low current exploit probability, and it is not listed in CISA\u2019s KEV catalog. The likely attack vector is an attacker sending specially crafted SMTP MIME traffic to a Suricata instance, which could trigger the high\u2011complexity algorithm and drain resources."}}}}, "created": "2026-04-02T20:12:20.147905+00:00", "updated": "2026-04-08T19:56:22.523850+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}