{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31934", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.654Z", "datePublished": "2026-04-02T14:21:08.207Z", "dateUpdated": "2026-04-02T15:00:49.250Z"}, "containers": {"cna": {"title": "Suricata smtp/mine: quadratic complexity in extracting urls", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8"}, {"name": "https://redmine.openinfosecfoundation.org/issues/8292", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/8292"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": ">= 8.0.0, < 8.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:21:08.207Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4."}], "source": {"advisory": "GHSA-hr89-h2pp-f3c8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:00:40.229823Z", "id": "CVE-2026-31934", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:00:49.250Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T15:00:40.229823Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:00:44.719Z"}}], "cna": {"title": "Suricata smtp/mine: quadratic complexity in extracting urls", "source": {"advisory": "GHSA-hr89-h2pp-f3c8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"status": "affected", "version": ">= 8.0.0, < 8.0.4"}]}], "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8", "name": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8292", "name": "https://redmine.openinfosecfoundation.org/issues/8292", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:21:08.207Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31934", "state": "PUBLISHED", "dateUpdated": "2026-04-02T15:00:49.250Z", "dateReserved": "2026-03-10T15:10:10.654Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T14:21:08.207Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4."}], "id": "CVE-2026-31934", "lastModified": "2026-04-02T15:16:37.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:37.440", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/8292"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "suricata", "source": "cna", "vendor": "OISF"}, "product": "suricata", "vendor": "oisf"}], "analysis": {"en": {"generated_at": "2026-04-02T15:51:00.910116+00:00", "value": {"mitigation_remediation": ["Apply the Suricata 8.0.4 patch or later update to eliminate the quadratic processing flaw"], "summary": {"action": "Patch", "impact": "Performance Degradation and Potential Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw affects the Open Information Security Foundation\u2019s Suricata network IDS/IPS, specifically versions from 8.0.0 up through 8.0.3. Versions 8.0.4 and later contain the necessary patch.", "description_and_impact": "Suricata\u2019s routine that extracts URLs from MIME\u2011encoded SMTP messages has quadratic\u2011time complexity. When a large number of URLs are present, the parser can consume excessive CPU cycles, which degrades overall performance. If an attacker repeatedly injects such traffic, the system can become overwhelmed, leading to a denial\u2011of\u2011service condition. This weakness corresponds to CWE\u2011407, which describes time\u2011complexity vulnerabilities.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity, and the vulnerability is not listed in CISA\u2019s KEV catalog. The EPSS score is unavailable. The likely attack vector is a network\u2011based approach that requires an attacker to send crafted SMTP traffic to a susceptible Suricata deployment. Without remediation, the impact could be sustained CPU exhaustion and service disruption, but no direct information about exploitability conditions beyond network traffic is provided in the official description."}}}}, "created": "2026-04-02T20:12:20.147905+00:00", "updated": "2026-04-02T20:21:00.774058+00:00", "vendors": ["oisf", "oisf$PRODUCT$suricata"]}