CVE-2026-22259
HIGHSuricata < 7.0.14 - Denial of Service via DNP3 Traffic Parsing
Title source: llmDescription
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9
Patch x_refsource_misc
https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e
Patch x_refsource_misc
https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942
Issue Tracking, Permissions Required x_refsource_misc
https://redmine.openinfosecfoundation.org/issues/8181
Scores
CVSS v3
7.5
EPSS
0.0051
EPSS Percentile
39.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
CWE-400
Status
published
Products (1)
oisf/suricata
< 7.0.14
Published
Jan 27, 2026
Tracked Since
Feb 18, 2026