CVE-2026-22259
- Source
- https://cve.org/CVERecord?id=CVE-2026-22259
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22259.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-22259
- Aliases
-
- GHSA-878h-2x6v-84q9
- Downstream
- Published
- 2026-01-27T17:13:11.057Z
- Modified
- 2026-03-01T02:56:07.992158Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Suricata dnp3: unbounded transaction growth
- Details
-
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22259.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-400", "CWE-770" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22259.json
- https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e
- https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942
- https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9
- https://nvd.nist.gov/vuln/detail/CVE-2026-22259
- https://redmine.openinfosecfoundation.org/issues/8181
Affected packages
Git / github.com/oisf/suricata
Affected ranges
Affected versions
suricata-0.*
suricata-0.8.2
suricata-1.*
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
suricata-1.2
suricata-1.2.1
suricata-1.2beta1
suricata-1.2rc1
suricata-1.3
suricata-1.3.1
suricata-1.3beta1
suricata-1.3beta2
suricata-1.3rc1
suricata-1.4
suricata-1.4beta1
suricata-1.4beta2
suricata-1.4beta3
suricata-1.4rc1
suricata-2.*
suricata-2.0
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0.2
suricata-2.0beta1
suricata-2.0beta2
suricata-2.0rc1
suricata-2.0rc2
suricata-2.0rc3
suricata-2.1beta1
suricata-2.1beta2
suricata-2.1beta3
suricata-2.1beta4
suricata-3.*
suricata-3.0
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0RC1
suricata-3.0RC2
suricata-3.0RC3
suricata-3.1
suricata-3.1.1
suricata-3.1.2
suricata-3.1RC1
suricata-3.2
suricata-3.2.1
suricata-3.2RC1
suricata-3.2beta1
suricata-4.*
suricata-4.0.0
suricata-4.0.0-beta1
suricata-4.0.0-rc1
suricata-4.0.0-rc2
suricata-4.0.1
suricata-4.1.0
suricata-4.1.0-beta1
suricata-4.1.0-rc1
suricata-4.1.0-rc2
suricata-4.1.1
suricata-4.1.2
suricata-5.*
suricata-5.0.0
suricata-5.0.0-beta1
suricata-5.0.0-rc1
suricata-5.0.1
suricata-6.*
suricata-6.0.0
suricata-6.0.0-beta1
suricata-6.0.0-rc1
suricata-6.0.1
suricata-7.*
suricata-7.0.0
suricata-7.0.0-beta1
suricata-7.0.0-rc1
suricata-7.0.0-rc2
suricata-7.0.1
suricata-7.0.10
suricata-7.0.11
suricata-7.0.12
suricata-7.0.13
suricata-7.0.2
suricata-7.0.3
suricata-7.0.4
suricata-7.0.5
suricata-7.0.6
suricata-7.0.7
suricata-7.0.8
suricata-7.0.9
suricata-8.*
suricata-8.0.0
suricata-8.0.1
suricata-8.0.2