CVE

CVE-2026-22259

Suricata dnp3: unbounded transaction growth

CVE

CVE-2026-22259

Suricata dnp3: unbounded transaction growth

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22259.json, https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e, https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942, https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9, https://nvd.nist.gov/vuln/detail/CVE-2026-22259, https://redmine.openinfosecfoundation.org/issues/8181

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.00068%

EPSS Percentile

0.20607%

Introduced Version

0,9956286fb89f9cad9e9f95b99dc751f8666617b7

Fix Available

163bd652dfa92959e918a952429b939fa81f7b88,3bd9f773bdc65d7bede2f0576790a68fb68b7476

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-22259

CVE-2026-22259

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.5

Basic Information

Fix Critical Vulnerabilities Instantly