{“lastseen”:””,”description”:”Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.”,”published”:”2026-01-27T18:27:45.351Z”,”modified”:”2026-01-27T19:56:34.976Z”,”type”:”cve”,”title”:”Suricata http1: quadratic complexity in headers parsing over multiple packets”,”source”:”GitHub_M”,”references”:”https:\/\/github.com\/OISF\/suricata\/security\/advisories\/GHSA-rwc5-hxj6-hwx7\\nhttps:\/\/github.com\/OISF\/suricata\/commit\/018a377f74e3eb2b042c6f783ad9043060923428\\nhttps:\/\/redmine.openinfosecfoundation.org\/issues\/8201″,”id”:”CVE-2026-22263″,”bulletinFamily”:””,”cwe”:[“CWE-1050″],”cvelist”:null,”sourceData”:”OISF suricata \\u003e= 8.0.0, \\u003c 8.0.3″,”sourceHref”:””,”cvss”:{“score”:5.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”suricata”,”version”:”\\u003e= 8.0.0, \\u003c 8.0.3″,”vendor”:”OISF”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,22,12,21,13,7,11,5],"class_list":["post-37649","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n