{"url":"http://public2.vulnerablecode.io/api/packages/104784?format=json","purl":"pkg:deb/debian/suricata@1:8.0.4-1?distro=trixie","type":"deb","namespace":"debian","name":"suricata","version":"1:8.0.4-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0","latest_non_vulnerable_version":"1:8.0.5-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71258?format=json","vulnerability_id":"VCID-chjk-tchh-kfck","summary":"Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31933"},{"reference_url":"https://redmine.openinfosecfoundation.org/issues/8272","reference_id":"8272","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:00:34Z/"}],"url":"https://redmine.openinfosecfoundation.org/issues/8272"},{"reference_url":"https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp","reference_id":"GHSA-hvp5-gpr6-j4gp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:00:34Z/"}],"url":"https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104750?format=json","purl":"pkg:deb/debian/suricata@1:7.0.10-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:7.0.10-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104784?format=json","purl":"pkg:deb/debian/suricata@1:8.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104749?format=json","purl":"pkg:deb/debian/suricata@1:8.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.5-1%3Fdistro=trixie"}],"aliases":["CVE-2026-31933"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chjk-tchh-kfck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71300?format=json","vulnerability_id":"VCID-jvzd-4yuy-xbg2","summary":"Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31935","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31935"},{"reference_url":"https://redmine.openinfosecfoundation.org/issues/8289","reference_id":"8289","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:22Z/"}],"url":"https://redmine.openinfosecfoundation.org/issues/8289"},{"reference_url":"https://github.com/OISF/suricata/security/advisories/GHSA-vxrp-5pg7-7v4x","reference_id":"GHSA-vxrp-5pg7-7v4x","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:22Z/"}],"url":"https://github.com/OISF/suricata/security/advisories/GHSA-vxrp-5pg7-7v4x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104750?format=json","purl":"pkg:deb/debian/suricata@1:7.0.10-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:7.0.10-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104784?format=json","purl":"pkg:deb/debian/suricata@1:8.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104749?format=json","purl":"pkg:deb/debian/suricata@1:8.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.5-1%3Fdistro=trixie"}],"aliases":["CVE-2026-31935"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvzd-4yuy-xbg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71392?format=json","vulnerability_id":"VCID-saj6-vrkq-e7h9","summary":"Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31932"},{"reference_url":"https://redmine.openinfosecfoundation.org/issues/8305","reference_id":"8305","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:33:08Z/"}],"url":"https://redmine.openinfosecfoundation.org/issues/8305"},{"reference_url":"https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr","reference_id":"GHSA-rp9m-jcpw-hggr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:33:08Z/"}],"url":"https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104750?format=json","purl":"pkg:deb/debian/suricata@1:7.0.10-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:7.0.10-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104784?format=json","purl":"pkg:deb/debian/suricata@1:8.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104749?format=json","purl":"pkg:deb/debian/suricata@1:8.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.5-1%3Fdistro=trixie"}],"aliases":["CVE-2026-31932"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-saj6-vrkq-e7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71436?format=json","vulnerability_id":"VCID-w2ee-fy44-mqhm","summary":"Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the \"tls.alpn\" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4.","references":[{"reference_url":"https://redmine.openinfosecfoundation.org/issues/8294","reference_id":"8294","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:18:13Z/"}],"url":"https://redmine.openinfosecfoundation.org/issues/8294"},{"reference_url":"https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3","reference_id":"GHSA-gr22-4784-xvw3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:18:13Z/"}],"url":"https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104769?format=json","purl":"pkg:deb/debian/suricata@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104747?format=json","purl":"pkg:deb/debian/suricata@1:6.0.1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32h7-m9mm-5yaq"},{"vulnerability":"VCID-5wp7-mrrm-bfav"},{"vulnerability":"VCID-6pk7-a1e5-tue1"},{"vulnerability":"VCID-76e2-93ej-5yeg"},{"vulnerability":"VCID-abr4-epyy-dqfp"},{"vulnerability":"VCID-amys-da3n-r7f4"},{"vulnerability":"VCID-b61j-jzmv-x3bj"},{"vulnerability":"VCID-chjk-tchh-kfck"},{"vulnerability":"VCID-ee7d-3mw6-9uca"},{"vulnerability":"VCID-ez39-tqb5-43gn"},{"vulnerability":"VCID-jvzd-4yuy-xbg2"},{"vulnerability":"VCID-k73c-4k81-hfb7"},{"vulnerability":"VCID-kfjv-uh1c-ckf2"},{"vulnerability":"VCID-mqaz-fh6g-kuhm"},{"vulnerability":"VCID-mu98-697y-jkde"},{"vulnerability":"VCID-np2s-r1ww-aubw"},{"vulnerability":"VCID-pfwk-5yzr-bbda"},{"vulnerability":"VCID-qbq6-7kz5-4ke6"},{"vulnerability":"VCID-r1a7-5st1-xbd1"},{"vulnerability":"VCID-rzy9-8yd5-w3cn"},{"vulnerability":"VCID-saj6-vrkq-e7h9"},{"vulnerability":"VCID-stvh-2q2x-4ffd"},{"vulnerability":"VCID-tf2g-8nbr-z3d8"},{"vulnerability":"VCID-tsyg-wngz-9fdt"},{"vulnerability":"VCID-vr4z-3xqz-v7ek"},{"vulnerability":"VCID-vr8u-frs8-4qcn"},{"vulnerability":"VCID-w2vg-8ef4-2ugq"},{"vulnerability":"VCID-wwwc-e7w5-q3aa"},{"vulnerability":"VCID-yaf8-9qwm-5ug3"},{"vulnerability":"VCID-z15c-9mdw-w7g8"},{"vulnerability":"VCID-z48f-d4p1-7qbe"},{"vulnerability":"VCID-z5qv-zqtk-63f1"},{"vulnerability":"VCID-zhyx-btu6-kket"},{"vulnerability":"VCID-zkjp-t5xv-kfht"},{"vulnerability":"VCID-zr1u-99gx-47ed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:6.0.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104750?format=json","purl":"pkg:deb/debian/suricata@1:7.0.10-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:7.0.10-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104784?format=json","purl":"pkg:deb/debian/suricata@1:8.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104749?format=json","purl":"pkg:deb/debian/suricata@1:8.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.5-1%3Fdistro=trixie"}],"aliases":["CVE-2026-31931"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2ee-fy44-mqhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71356?format=json","vulnerability_id":"VCID-zuzx-xpns-37g2","summary":"Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4.","references":[{"reference_url":"https://redmine.openinfosecfoundation.org/issues/8292","reference_id":"8292","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:00:40Z/"}],"url":"https://redmine.openinfosecfoundation.org/issues/8292"},{"reference_url":"https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8","reference_id":"GHSA-hr89-h2pp-f3c8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:00:40Z/"}],"url":"https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104769?format=json","purl":"pkg:deb/debian/suricata@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104747?format=json","purl":"pkg:deb/debian/suricata@1:6.0.1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32h7-m9mm-5yaq"},{"vulnerability":"VCID-5wp7-mrrm-bfav"},{"vulnerability":"VCID-6pk7-a1e5-tue1"},{"vulnerability":"VCID-76e2-93ej-5yeg"},{"vulnerability":"VCID-abr4-epyy-dqfp"},{"vulnerability":"VCID-amys-da3n-r7f4"},{"vulnerability":"VCID-b61j-jzmv-x3bj"},{"vulnerability":"VCID-chjk-tchh-kfck"},{"vulnerability":"VCID-ee7d-3mw6-9uca"},{"vulnerability":"VCID-ez39-tqb5-43gn"},{"vulnerability":"VCID-jvzd-4yuy-xbg2"},{"vulnerability":"VCID-k73c-4k81-hfb7"},{"vulnerability":"VCID-kfjv-uh1c-ckf2"},{"vulnerability":"VCID-mqaz-fh6g-kuhm"},{"vulnerability":"VCID-mu98-697y-jkde"},{"vulnerability":"VCID-np2s-r1ww-aubw"},{"vulnerability":"VCID-pfwk-5yzr-bbda"},{"vulnerability":"VCID-qbq6-7kz5-4ke6"},{"vulnerability":"VCID-r1a7-5st1-xbd1"},{"vulnerability":"VCID-rzy9-8yd5-w3cn"},{"vulnerability":"VCID-saj6-vrkq-e7h9"},{"vulnerability":"VCID-stvh-2q2x-4ffd"},{"vulnerability":"VCID-tf2g-8nbr-z3d8"},{"vulnerability":"VCID-tsyg-wngz-9fdt"},{"vulnerability":"VCID-vr4z-3xqz-v7ek"},{"vulnerability":"VCID-vr8u-frs8-4qcn"},{"vulnerability":"VCID-w2vg-8ef4-2ugq"},{"vulnerability":"VCID-wwwc-e7w5-q3aa"},{"vulnerability":"VCID-yaf8-9qwm-5ug3"},{"vulnerability":"VCID-z15c-9mdw-w7g8"},{"vulnerability":"VCID-z48f-d4p1-7qbe"},{"vulnerability":"VCID-z5qv-zqtk-63f1"},{"vulnerability":"VCID-zhyx-btu6-kket"},{"vulnerability":"VCID-zkjp-t5xv-kfht"},{"vulnerability":"VCID-zr1u-99gx-47ed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:6.0.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104750?format=json","purl":"pkg:deb/debian/suricata@1:7.0.10-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:7.0.10-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104784?format=json","purl":"pkg:deb/debian/suricata@1:8.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104749?format=json","purl":"pkg:deb/debian/suricata@1:8.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.5-1%3Fdistro=trixie"}],"aliases":["CVE-2026-31934"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zuzx-xpns-37g2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/suricata@1:8.0.4-1%3Fdistro=trixie"}