Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB are also vulnerable. DCERPC/TCP in the default configuration should not be vulnerable as the default stream depth is limited to 1MiB. Versions 8.0.3 and 7.0.14 contain a patch. Some workarounds are available. For DCERPC/UDP, disable the parser. For DCERPC/TCP, the `stream.reassembly.depth` setting will limit the amount of data that can be buffered. For DCERPC/SMB, the `stream.reassembly.depth` can be used as well, but is set to unlimited by default. Imposing a limit here may lead to loss of visibility in SMB.

INFO

Published Date :

2026-01-27T16:17:29.903Z

Last Modified :

2026-01-27T18:28:38.707Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22258 vulnerability.

Vendors Products
Oisf
  • Suricata
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22258.

URL Resource
https://github.com/OISF/suricata/commit/39d8c302af3422a096b75474a4f295a754ec6a74 cve-icon cve-icon
https://github.com/OISF/suricata/commit/f82a388d0283725cb76782cf64e8341cab370830 cve-icon cve-icon
https://github.com/OISF/suricata/security/advisories/GHSA-289c-h599-3xcx cve-icon cve-icon
https://redmine.openinfosecfoundation.org/issues/8182 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact