Suricata < 7.0.16 / 8.x < 8.0.5 Multiple Vulnerabilities

critical Nessus Plugin ID 318838

Synopsis

An IDS/IPS solution running on the remote host is affected by multiple vulnerabilities.

Description

The version of OISF Suricata installed on the remote host is prior to 7.0.16 or 8.x prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities, including:

- A protocol change while processing HTTP/2 traffic could lead to type confusion in Suricata. Crafted traffic may cause Suricata to crash, resulting in denial of service. (CVE-2026-45764)

- Suricata's HTTP/2 decompression path could grow the decompressed response-body buffer without an effective upper bound. A crafted HTTP/2 DATA payload using a high compression ratio, such as gzip, deflate, or brotli compressed data, could cause Suricata to allocate excessive memory while decompressing the payload. (CVE-2026-46387)

- Suricata could repeatedly perform expensive parsing of large HTTP Content-Disposition headers during HTTP response body processing. Crafted HTTP traffic could cause excessive CPU usage and denial of service. (CVE-2026-45759)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade Suricata to version 7.0.16 or 8.0.5 or higher.
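
The version rule stated in the Description can be applied to a sensor inventory with the following added example. It is not the Nessus plugin's code; the sensor names and the inventory are constructed, and the banner text is assumed to follow the form printed by `suricata -V`.

```python
import re

# Fixed releases named in the Solution above.
FIXED_7X = (7, 0, 16)
FIXED_8X = (8, 0, 5)

# Matches "7.0.15" and pre-release forms such as "8.0.5-rc1" or "7.0.16-dev".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-(?:dev|beta|rc)\w*)?")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) from a banner or bare version."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None


def is_affected(text):
    """Apply the page's rule: prior to 7.0.16, or 8.x prior to 8.0.5."""
    version, prerelease = parse_version(text)
    fixed = FIXED_8X if version[0] == 8 else FIXED_7X
    # Assumption: a -dev/-beta/-rc build of a fixed version predates the release
    # and is treated as affected.
    return version < fixed or (version == fixed and prerelease)


def triage(inventory):
    """Map each sensor name to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for sensor, banner in inventory.items():
        try:
            result[sensor] = "affected" if is_affected(banner) else "fixed"
        except ValueError:
            result[sensor] = "unknown"
    return result


# Constructed inventory: sensor names are hypothetical, banners follow the
# "This is Suricata version X RELEASE" form printed by `suricata -V`.
SAMPLE = {
    "sensor-a": "This is Suricata version 7.0.15 RELEASE",
    "sensor-b": "This is Suricata version 8.0.5 RELEASE",
    "sensor-c": "This is Suricata version 6.0.20 RELEASE",
    "sensor-d": "suricata: command not found",
}

if __name__ == "__main__":
    for sensor, status in triage(SAMPLE).items():
        print(f"{sensor}: {status}")
```

Like the plugin, this compares version strings only, so a distribution package that carries backported fixes under an older version number would still be reported as affected.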

See Also

http://www.nessus.org/u?e79fd06f

http://www.nessus.org/u?e9bf7ca7

http://www.nessus.org/u?4959072d

http://www.nessus.org/u?4f12587c

http://www.nessus.org/u?1e82469b

http://www.nessus.org/u?289da1bf

http://www.nessus.org/u?b433135c

http://www.nessus.org/u?a01cdfc9

http://www.nessus.org/u?45c42c55

http://www.nessus.org/u?bb72647f

Plugin Details

Severity: Critical

ID: 318838

File Name: suricata_7_0_16_8_0_5.nasl

Version: 1.1

Type: Local

Agent: windows, macosx, unix

Family: Misc.

Published: 6/5/2026

Updated: 6/5/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Vulnerability Information

CPE: cpe:/a:oisf:suricata

Required KB Items: installed_sw/Open Information Security Foundation Suricata

Patch Publication Date: 5/19/2026

Vulnerability Publication Date: 5/19/2026

Reference Information

CVE: CVE-2026-45751, CVE-2026-45759, CVE-2026-45761, CVE-2026-45762, CVE-2026-45764, CVE-2026-45765, CVE-2026-45766, CVE-2026-45767, CVE-2026-45769, CVE-2026-46387

IAVB: 2026-B-0147