Description

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run untrusted rulesets or run with less than 65536 signatures that can match on the same packet.

INFO

Published Date :

2026-01-27T18:33:50.354Z

Last Modified :

2026-01-28T14:02:38.233Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22264 vulnerability.

Vendors Products
Oisf
  • Suricata
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22264.

URL Resource
https://github.com/OISF/suricata/commit/549d7bf60616de8e54686a188196453b5b22f715 cve-icon cve-icon
https://github.com/OISF/suricata/commit/5789a3d3760dbf33d93fc56c27bd9529e5bdc8f2 cve-icon cve-icon
https://github.com/OISF/suricata/commit/ac1eb394181530430fb7262969f423a1bf8f209b cve-icon cve-icon
https://github.com/OISF/suricata/security/advisories/GHSA-mqr8-m3m4-2hw5 cve-icon cve-icon
https://redmine.openinfosecfoundation.org/issues/8190 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact