{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31932", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:02:40.205Z", "dateUpdated": "2026-04-02T18:33:25.016Z"}, "containers": {"cna": {"title": "Suricata krb5: quadratic complexity in krb5 buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8305", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:02:40.205Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "source": {"advisory": "GHSA-rp9m-jcpw-hggr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:33:08.564205Z", "id": "CVE-2026-31932", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:33:25.016Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31932", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:02:40.205Z", "dateUpdated": "2026-04-02T18:33:25.016Z"}, "containers": {"cna": {"title": "Suricata krb5: quadratic complexity in krb5 buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8305", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:02:40.205Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "source": {"advisory": "GHSA-rp9m-jcpw-hggr", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31932", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T18:33:08.564205Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:33:14.922Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "id": "CVE-2026-31932", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T14:16:28.763", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Suricata: Suricata: Denial of Service due to inefficiency in KRB5 buffering", "id": "2454367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454367"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. An attacker can exploit an inefficiency in the Kerberos 5 (KRB5) buffering mechanism by sending specially crafted network traffic. This can lead to significant performance degradation, effectively causing a Denial of Service (DoS) for the affected system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-31932", "public_date": "2026-04-02T14:02:40Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31932\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31932\nhttps://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr\nhttps://redmine.openinfosecfoundation.org/issues/8305"], "statement": "This Important flaw in Suricata, a network intrusion detection and prevention system, stems from an inefficiency in its Kerberos 5 (KRB5) buffering mechanism. An unauthenticated attacker can send specially crafted network traffic to a system running Suricata, leading to significant performance degradation and a denial of service. This affects Suricata deployments within Red Hat Community Projects.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-03T03:22:18.710040+00:00", "value": {"mitigation_remediation": ["Upgrade Suricata to version 7.0.15 or later, including 8.0.4 or newer", "If the software cannot be upgraded immediately, monitor traffic for unusually high Kerberos packet rates and limit or filter such traffic to prevent resource exhaustion"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected deployments are those running Suricata versions earlier than 7.0.15 or 8.0.4. The vendor OISF has released patches in those two releases. Any installation using Suricata 7.0.0\u20117.0.14 or 8.0.0\u20118.0.3 is susceptible.", "description_and_impact": "This vulnerability arises from quadratic complexity in the Kerberos\u202f5 buffering subsystem within Suricata. The flaw allows an attacker to trigger excessive memory consumption and sluggishness when the engine processes Kerberos traffic, potentially leading to a denial of service. It is classified under CWE\u2011407 (Improper Resource Management) and CWE\u2011770 (Memory Allocation).", "risk_and_exploitability": "The CVSS score of 7.5 denotes a high severity. EPSS data is not available, and the issue is not listed in CISA\u2019s KEV catalog, suggesting no known widespread exploitation. Nevertheless, the attack vector is inferred to be remote via crafted Kerberos packets that can be sent over the network, exploiting the quadratic buffering path when it is actively parsing traffic. The risk is therefore a remote denial of service that could degrade or halt network monitoring services if the attacker can sustain a high volume of malicious traffic."}}}}, "created": "2026-04-02T20:12:22.971492+00:00", "updated": "2026-04-03T09:18:45.910401+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}