2454366 – (CVE-2026-31935) CVE-2026-31935 Suricata: Suricata: Denial of Service via HTTP2 continuation frame flooding

Bug 2454366 (CVE-2026-31935) - CVE-2026-31935 Suricata: Suricata: Denial of Service via HTTP2 continuation frame flooding

Summary: CVE-2026-31935 Suricata: Suricata: Denial of Service via HTTP2 continuation f...

Keywords:
Status:	NEW
Alias:	CVE-2026-31935
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2454447 2454449
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-02 15:01 UTC by OSIDB Bzimport
Modified:	2026-04-02 16:38 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-02 15:01:05 UTC

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.

Note You need to log in before you can comment on or make changes to this bug.