CVE-2026-22263

EPSS 0.02%
Veröffentlicht 27.01.2026 18:27:45
Zuletzt bearbeitet 29.01.2026 21:00:55
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Suricata http1: quadratic complexity in headers parsing over multiple packets

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oisf ≫ Suricata Version >= 8.0.0 < 8.0.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-1050 Excessive Platform Resource Consumption within a Loop

The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.

https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7

Vendor Advisory

https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428

Patch

https://redmine.openinfosecfoundation.org/issues/8201

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-22263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22263

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-22263