19 matches found
SUSE CVE-2026-22258
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer without limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB...
CVE-2026-22259
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...
CVE-2026-22259
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...
CVE-2026-22259 Suricata dnp3: unbounded transaction growth
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...
CVE-2026-22259
CVE-2026-22259 affects Suricata’s DNP3 parser. Before versions 8.0.3 and 7.0.14, specially crafted DNP3 traffic can cause unbounded memory growth during parsing, leading to slowed performance and potential OOM-killer termination. A fix is included in Suricata 8.0.3 and 7.0.14. If upgrading is not...
CVE-2026-22259
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...
CVE-2026-22259
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...
CVE-2026-22258 Suricata DCERPC: unbounded fragment buffering leads to memory exhaustion
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer without limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB...
Linux Distros Unpatched Vulnerability : CVE-2026-22259
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memo...
PT-2026-4983
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...
PT-2024-7273 · Gnome +5 · Libgsf +5
Name of the Vulnerable Software and Affected Versions: GNOME Project G Structured File Library libgsf version 1.14.52 Description: An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf. A specially crafted...
UBUNTU-CVE-2024-23835
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As a workaround, users can disable the...
PT-2024-14500 · Magic · Magic Xpi Integration Platform
Name of the Vulnerable Software and Affected Versions: Magic xpi Integration Platform version 4.13.4 Description: The XML parser in Magic xpi Integration Platform allows XXE attacks, for example, via onItemImport. Recommendations: For Magic xpi Integration Platform version 4.13.4, consider...
PT-2023-30228 · E-Tax · E-Tax
Name of the Vulnerable Software and Affected Versions: e-Tax software versions 3.0.10 and earlier Description: The issue is related to the improper restriction of XML external entity references (XXE) in the e-Tax software due to the configuration of the embedded XML parser. This allows an attacker ...
PT-2023-28171 · Jenkins · Jenkins Job Configuration History Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier Description: The issue is related to the configuration of the XML parser in the Jenkins Job Configuration History Plugin, which does not prevent XML external...
PT-2022-12275 · Radare2 +1 · Radare2 +1
Name of the Vulnerable Software and Affected Versions: radare2 version 5.5.2 Description: The issue is related to a NULL Pointer Dereference via the binary symbol parser in libr/bin/p/bin_symbols.c. This affects the radare2 binary analysis tool. No information is provided about the estimated numb...
PT-2022-19295 · Apache · Apache Jena
Name of the Vulnerable Software and Affected Versions: Apache Jena versions prior to 4.4.0 Description: A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects versions prior to 4.4.0, excluding Apache Jena 4.2.x and...
PT-2018-3607 · Poppler +4 · Poppler +4
Name of the Vulnerable Software and Affected Versions: Poppler version 0.68.0 Description: The issue is related to the Parser::getObj function in the Poppler library for rendering PDF files, which can cause infinite recursion when processing a crafted file. This can be exploited by a remote...
PT-2015-2743 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software version 8.4 Description: The issue is related to the XML parser in the management interface, which can cause system instability and potentially crash the device when a crafted XML document is...