CVE-2026-22263

Suricata http1: quadratic complexity in headers parsing over multiple packets

CVSS 5.3 MEDIUMEPSS 0.4%CWE-1050

In short

Suricata's HTTP header parsing becomes very slow when processing requests split across multiple network packets, potentially causing the security system to lag or become unresponsive.

Technical detail

CWE-1050 inefficiency in HTTP/1 headers parsing exhibits quadratic complexity when headers span multiple packets, allowing an attacker to send fragmented HTTP requests that consume excessive CPU resources and degrade IDS/IPS performance without requiring authentication or special privileges.

Summary generated and translated by AI from the official description.

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

OISF · suricata

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428 https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7 https://redmine.openinfosecfoundation.org/issues/8201