{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31932", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:02:40.205Z", "dateUpdated": "2026-04-02T18:33:25.016Z"}, "containers": {"cna": {"title": "Suricata krb5: quadratic complexity in krb5 buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8305", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:02:40.205Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "source": {"advisory": "GHSA-rp9m-jcpw-hggr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:33:08.564205Z", "id": "CVE-2026-31932", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:33:25.016Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31932", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:02:40.205Z", "dateUpdated": "2026-04-02T18:33:25.016Z"}, "containers": {"cna": {"title": "Suricata krb5: quadratic complexity in krb5 buffering", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8305", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": "< 7.0.15", "status": "affected"}, {"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:02:40.205Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "source": {"advisory": "GHSA-rp9m-jcpw-hggr", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31932", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T18:33:08.564205Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:33:14.922Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}], "id": "CVE-2026-31932", "lastModified": "2026-04-02T14:16:28.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T14:16:28.763", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/8305"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-02T15:22:32.950143+00:00", "value": {"mitigation_remediation": ["Upgrade Suricata to version 7.0.15 or later, or 8.0.4 or later, where the KRB5 buffering inefficiency has been fixed.", "If an upgrade cannot be performed immediately, monitor Kerberos traffic volumes for abrupt increases and consider throttling or rate\u2011limiting high\u2011volume streams to mitigate performance impact.", "Validate that the updated configuration is correctly applied and that no legacy client code continues to generate excessive Kerberos packets."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (Performance Degradation)"}, "threat_synthesis": {"affected_systems": "Vendors affected include the Open Information Security Foundation\u2019s Suricata product. All pre\u20117.0.15 releases and pre\u20118.0.4 releases are vulnerable. Users running these versions on any operating system supporting Suricata should consider them at risk.", "description_and_impact": "The vulnerability arises from quadratic complexity in the Kerberos (KRB5) buffering logic within Suricata. This inefficiency can cause excessive CPU usage and memory consumption when handling Kerberos traffic, potentially leading the IDS/IPS to become unresponsive or slow. The weakness is classified as a missing limits or throttling flaw (CWE-407), which is typically associated with denial-of-service conditions. The impact is limited to degraded performance rather than exploitable code execution, but in environments with continuous high-volume Kerberos traffic, the system could be forced offline by sustained load.", "risk_and_exploitability": "The CVSS base score of 7.5 marks the issue as high severity. Exact EPSS data are not available, and the vulnerability is not listed in CISA\u2019s KEV catalog, indicating no known active exploits. The likely attack vector is network-based, requiring an attacker to generate or wait for a high volume of Kerberos traffic to trigger the buffering inefficiency. Because the flaw does not allow arbitrary code execution, the primary risk is service degradation; however, in critical environments the impact could be substantial if the system cannot process legitimate traffic."}}}}, "created": "2026-04-02T20:12:22.971492+00:00", "updated": "2026-04-02T20:21:03.549615+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}