{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31937", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:38:22.496Z", "dateUpdated": "2026-04-02T14:38:22.496Z"}, "containers": {"cna": {"title": "Suricata dcerpc: quadratic complexity in dcerpc buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8304", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8304"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:38:22.496Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15."}], "source": {"advisory": "GHSA-86vg-w8vm-m3gg", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15."}], "id": "CVE-2026-31937", "lastModified": "2026-04-02T15:16:37.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:37.847", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/8304"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.15)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-02T15:50:26.422044+00:00", "value": {"mitigation_remediation": ["Upgrade Suricata to version 7.0.15 or later", "If upgrading is delayed, restrict or block DCERPC traffic at the network perimeter", "Continuously monitor CPU usage and Suricata logs for signs of abnormal performance degradation"], "summary": {"action": "Apply patch", "impact": "Performance Degradation (potential DoS)"}, "threat_synthesis": {"affected_systems": "The issue affects OISF Suricata deployments built before version 7.0.15. Versions 7.0.15 and later contain the fix that removes the inefficient buffering code. If you are running an older build, consider it impacted until the patch is applied.", "description_and_impact": "Suricata\u2019s DCERPC buffering routine contains a quadratic complexity path that can be triggered by specially crafted DCERPC packets. When an attacker sends a large or malformed request, the buffering routine may consume excessive CPU cycles, temporarily halting or slowing other network inspection tasks. This can lead to a denial of service for the sensor and it is an example of a processor exhaustion vulnerability (CWE\u2011407).", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity vulnerability. Exploit probability data is not publicly disclosed. The vulnerability is not listed in the known exploited vulnerabilities catalog. The likely attack vector is network\u2011based: a remote attacker can send malicious DCERPC traffic to trigger the inefficiency, resulting in resource exhaustion and service degradation."}}}}, "created": "2026-04-02T20:12:16.305362+00:00", "updated": "2026-04-02T20:20:56.994774+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}