2433475 – (CVE-2026-22264) CVE-2026-22264 suricata: Suricata detect/alert: heap-use-after-free on alert queue expansion

Bug 2433475 (CVE-2026-22264) - CVE-2026-22264 suricata: Suricata detect/alert: heap-use-after-free on alert queue expansion

Summary: CVE-2026-22264 suricata: Suricata detect/alert: heap-use-after-free on alert ...

Keywords:
Status:	NEW
Alias:	CVE-2026-22264
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2433505 2433506 2433507 2433508 2433510
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-27 19:02 UTC by OSIDB Bzimport
Modified:	2026-01-27 20:21 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-27 19:02:24 UTC

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run untrusted rulesets or run with less than 65536 signatures that can match on the same packet.

Note You need to log in before you can comment on or make changes to this bug.