{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31931", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.653Z", "datePublished": "2026-04-02T14:01:03.512Z", "dateUpdated": "2026-04-02T14:18:27.902Z"}, "containers": {"cna": {"title": "Suricata tls: null dereference in tls.alpn rule keyword", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8294", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8294"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:01:03.512Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the \"tls.alpn\" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4."}], "source": {"advisory": "GHSA-gr22-4784-xvw3", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T14:18:13.377669Z", "id": "CVE-2026-31931", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:18:27.902Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T14:18:13.377669Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:18:19.353Z"}}], "cna": {"title": "Suricata tls: null dereference in tls.alpn rule keyword", "source": {"advisory": "GHSA-gr22-4784-xvw3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"status": "affected", "version": ">= 8.0.0, < 8.0.4"}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3", "name": "https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8294", "name": "https://redmine.openinfosecfoundation.org/issues/8294", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the \"tls.alpn\" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:01:03.512Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31931", "state": "PUBLISHED", "dateUpdated": "2026-04-02T14:18:27.902Z", "dateReserved": "2026-03-10T15:10:10.653Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T14:01:03.512Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the \"tls.alpn\" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4."}], "id": "CVE-2026-31931", "lastModified": "2026-04-02T14:16:28.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T14:16:28.587", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/8294"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-02T15:23:28.069514+00:00", "value": {"mitigation_remediation": ["Upgrade Suricata to version\u00a08.0.4 or later, which contains the patch for this bug."], "summary": {"action": "Apply patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw exists in Suricata releases from version\u00a08.0.0 up to, but not including, 8.0.4. Systems running any of those builds that utilize the tls.alpn rule keyword in their detection rules are at risk.\n", "description_and_impact": "Suricata, a widely used network IDS/IPS engine, contains a null dereference flaw within the tls.alpn rule keyword. When the keyword is parsed on affected builds, the program attempts to access a memory pointer that has not been initialized, causing Suricata to terminate unexpectedly. This crash prevents the engine from processing subsequent traffic and can lead to a denial of service to monitoring or protection functions.\n", "risk_and_exploitability": "The Common Vulnerability Scoring System assigns a score of\u00a07.5, indicating a high impact if the issue is triggered. Attack conditions are inferred to require that an adversary can supply traffic crafted to activate the tls.alpn rule, such as by injecting a malicious packet into the network or by modifying rule files locally. The CVE does not include an Exploit Prediction Scoring System value, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Nevertheless, the possibility of denial of service in an IDS/IPS deployment warrants prompt remediation."}}}}, "created": "2026-04-02T20:12:25.842261+00:00", "updated": "2026-04-02T20:21:06.483240+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}