{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31937", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:38:22.496Z", "dateUpdated": "2026-04-03T15:59:28.970Z"}, "containers": {"cna": {"title": "Suricata dcerpc: quadratic complexity in dcerpc buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8304", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8304"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:38:22.496Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15."}], "source": {"advisory": "GHSA-86vg-w8vm-m3gg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T15:58:45.637894Z", "id": "CVE-2026-31937", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T15:59:28.970Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T15:58:45.637894Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T15:59:04.872Z"}}], "cna": {"title": "Suricata dcerpc: quadratic complexity in dcerpc buffering", "source": {"advisory": "GHSA-86vg-w8vm-m3gg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"status": "affected", "version": "< 7.0.15"}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg", "name": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8304", "name": "https://redmine.openinfosecfoundation.org/issues/8304", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:38:22.496Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31937", "state": "PUBLISHED", "dateUpdated": "2026-04-03T15:59:28.970Z", "dateReserved": "2026-03-10T15:10:10.654Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T14:38:22.496Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15."}], "id": "CVE-2026-31937", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:37.847", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/8304"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Suricata: Suricata: Denial of Service via DCERPC buffering inefficiency", "id": "2454377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454377"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Suricata, a network intrusion detection, prevention, and security monitoring engine. A remote attacker could exploit an inefficiency in the Distributed Computing Environment/Remote Procedure Call (DCERPC) buffering mechanism. This could lead to a denial of service (DoS) due to significant performance degradation, impacting the availability of the network monitoring service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-31937", "public_date": "2026-04-02T14:38:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31937\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31937\nhttps://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg\nhttps://redmine.openinfosecfoundation.org/issues/8304"], "statement": "Important: A flaw in Suricata's DCERPC buffering mechanism can lead to significant performance degradation, potentially causing a denial of service for the network monitoring service. This affects Red Hat systems running Suricata when processing Distributed Computing Environment/Remote Procedure Call (DCERPC) traffic.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.15)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-03T03:50:45.399707+00:00", "value": {"mitigation_remediation": ["Update Suricata to version 7.0.15 or later"], "summary": {"action": "Patch Immediately", "impact": "Denial of Service via performance degradation"}, "threat_synthesis": {"affected_systems": "The issue impacts all Suricata installations released by the Open Information Security Foundation that are prior to version 7.0.15. Any deployment of Suricata using an older major release or the latest release newer than 7.0.14 is vulnerable until patched or upgraded.", "description_and_impact": "Suricata\u2019s DCERPC component has a buffering inefficiency that creates quadratic time and memory consumption when handling certain DCERPC packets. This weakness is classified as CWE-407 (inefficient use of resources) and CWE-770 (memory consumption out of user control). If an attacker can force the engine to process a large number of such packets, the system\u2019s CPU or memory can become saturated, causing service slowdown or a complete halt of the IDS/IPS processing, effectively denying availability to legitimate traffic.", "risk_and_exploitability": "The CVSS score of 7.5 classifies this vulnerability as high severity. No EPSS score is provided, and the vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. The most likely attack vector is network based, where an attacker sends specially crafted DCERPC traffic to the Suricata instance, leveraging the quadratic buffering cost to exhaust resources. While no public exploit is known, the theoretical ability to trigger a denial of service makes prompt remediation critical."}}}}, "created": "2026-04-02T20:12:16.305362+00:00", "updated": "2026-04-03T09:18:43.010904+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}