{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31937", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:38:22.496Z", "dateUpdated": "2026-04-03T15:59:28.970Z"}, "containers": {"cna": {"title": "Suricata dcerpc: quadratic complexity in dcerpc buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8304", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8304"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:38:22.496Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15."}], "source": {"advisory": "GHSA-86vg-w8vm-m3gg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T15:58:45.637894Z", "id": "CVE-2026-31937", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T15:59:28.970Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T15:58:45.637894Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T15:59:04.872Z"}}], "cna": {"title": "Suricata dcerpc: quadratic complexity in dcerpc buffering", "source": {"advisory": "GHSA-86vg-w8vm-m3gg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"status": "affected", "version": "< 7.0.15"}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg", "name": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8304", "name": "https://redmine.openinfosecfoundation.org/issues/8304", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:38:22.496Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31937", "state": "PUBLISHED", "dateUpdated": "2026-04-03T15:59:28.970Z", "dateReserved": "2026-03-10T15:10:10.654Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T14:38:22.496Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E0D4CF4-11E0-4FB1-9C17-F38257D376ED", "versionEndExcluding": "7.0.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15."}], "id": "CVE-2026-31937", "lastModified": "2026-04-07T21:19:57.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:37.847", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://redmine.openinfosecfoundation.org/issues/8304"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Suricata: Suricata: Denial of Service via DCERPC buffering inefficiency", "id": "2454377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454377"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Suricata, a network intrusion detection, prevention, and security monitoring engine. A remote attacker could exploit an inefficiency in the Distributed Computing Environment/Remote Procedure Call (DCERPC) buffering mechanism. This could lead to a denial of service (DoS) due to significant performance degradation, impacting the availability of the network monitoring service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-31937", "public_date": "2026-04-02T14:38:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31937\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31937\nhttps://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg\nhttps://redmine.openinfosecfoundation.org/issues/8304"], "statement": "Important: A flaw in Suricata's DCERPC buffering mechanism can lead to significant performance degradation, potentially causing a denial of service for the network monitoring service. This affects Red Hat systems running Suricata when processing Distributed Computing Environment/Remote Procedure Call (DCERPC) traffic.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.15)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-07T23:34:15.971272+00:00", "value": {"mitigation_remediation": ["Update Suricata to version 7.0.15 or newer to apply the patch that removes the quadratic buffering bug."], "summary": {"action": "Patch", "impact": "Denial of Service (performance degradation) due to inefficient DCERPC buffering"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the OISF Suricata product. All releases prior to version 7.0.15 are impacted; version 7.0.15 and later contain a fix that removes the inefficient buffering logic.", "description_and_impact": "Suricata, a network intrusion detection and prevention engine, contains a quadratic time complexity bug in its DCERPC buffering code. The flaw can cause significant slowdowns when handling DCERPC traffic, leading to degraded performance or a denial\u2011of\u2011service condition. The weakness is identified as a resource exhaustion issue, as reflected by the CWE identifiers for inefficient algorithmic complexity and memory allocation errors.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity vulnerability, yet the EPSS score is below 1% and it is not listed in the CISA KEV catalog, suggesting low current exploitation activity. A likely attack vector would involve a remote attacker sending crafted DCERPC packets through the network to the Suricata instance, triggering the quadratic buffering routine and exhausting CPU resources. Without mitigation, an attacker could force the IDS into a state of reduced responsiveness, impacting network monitoring and potentially allowing other malicious traffic to pass undetected."}}}}, "created": "2026-04-02T20:12:16.305362+00:00", "updated": "2026-04-08T19:56:20.192147+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}