PT-2026-4981 · Open Information Security Foundation · Suricata

Xiangwei Zhang · Published 2026-01-01 · Updated 2026-03-10 · CVE-2026-22258

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Suricata versions prior to 8.0.3
Suricata versions prior to 7.0.14

Description

Suricata is a network IDS, IPS and NSM engine. Crafted DCERPC traffic can cause Suricata to expand a buffer without limits, leading to memory exhaustion and process termination. While initially reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB are also affected. DCERPC/TCP in the default configuration should not be vulnerable as the default stream depth is limited to 1MiB.

Recommendations

For Suricata versions prior to 8.0.3, apply the patch available in version 8.0.3. For Suricata versions prior to 7.0.14, apply the patch available in version 7.0.14. For DCERPC/UDP, disable the parser. For DCERPC/TCP, limit the stream.reassembly.depth setting. For DCERPC/SMB, limit the stream.reassembly.depth setting, noting that this may lead to loss of visibility in SMB.
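
The following is an added example, not part of the original advisory or of the Suricata project: a small audit that reads configuration in the "key = value" form printed by `suricata --dump-config` and reports whether the two workarounds above are in place. The key name app-layer.protocols.dcerpc.enabled, the 1 MiB threshold (taken from the default the description cites) and the sample dump are assumptions made for the example.

```python
import re

# Constructed sample in the "key = value" form printed by `suricata --dump-config`.
SAMPLE_DUMP = """\
app-layer.protocols.dcerpc.enabled = yes
app-layer.protocols.smb.enabled = yes
stream.reassembly.depth = 0
"""

ONE_MIB = 1024 * 1024  # the default depth the advisory cites for DCERPC/TCP
UNITS = {"": 1, "b": 1, "kb": 1024, "kib": 1024, "mb": 1024**2,
         "mib": 1024**2, "gb": 1024**3, "gib": 1024**3}

def parse_size(text):
    """Convert a size such as '1mb' or '262144' to bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*([A-Za-z]*)", text.strip())
    if not m or m.group(2).lower() not in UNITS:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2).lower()])

def parse_dump(text):
    """Build a dict from 'key = value' lines, ignoring anything else."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" = ")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def audit(conf, max_depth=ONE_MIB):
    """Return findings for the two workarounds named in the recommendations."""
    findings = []
    # Assumption: a missing key is treated as enabled, the conservative reading.
    if conf.get("app-layer.protocols.dcerpc.enabled", "yes").lower() != "no":
        findings.append("dcerpc parser is enabled (DCERPC/UDP workaround not applied)")
    # A depth of 0 means unlimited reassembly in Suricata.
    depth = parse_size(conf.get("stream.reassembly.depth", "1mb"))
    if depth == 0 or depth > max_depth:
        findings.append(f"stream.reassembly.depth={depth} exceeds {max_depth} bytes or is unlimited")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_dump(SAMPLE_DUMP)):
        print("FINDING:", finding)
```

An empty result only means the workarounds are configured; upgrading to 8.0.3 or 7.0.14 remains the fix.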

Exploit

Fix

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2026-00955
CVE-2026-22258
GHSA-289C-H599-3XCX
OPENSUSE-SU-2026:10082-1

Affected Products

Suricata