{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "suricata", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "suricata-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "suricata-oinkmaster", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "suricata", "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "suricata", "versions": [{"status": "affected", "version": "0", "lessThan": "1:8.0.3-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "suricata-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "1:8.0.3-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "suricata", "versions": [{"status": "affected", "version": "0", "lessThan": "1:7.0.10-1+deb13u3", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "suricata-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "1:7.0.10-1+deb13u3", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2026-22262"}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2026-01-27T18:18:52.922Z", "x_subShortName": "debian"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "libhtp-0.5.23-1", "platforms": ["bionic"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "suricata-hyperscan", "platforms": ["bionic"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "suricata-oinkmaster", "platforms": ["bionic"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "suricata", "platforms": ["bionic", "jammy", "noble", "xenial"], "defaultStatus": "unknown"}], "references": [{"url": "https://ubuntu.com/security/CVE-2026-22262"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-22262"}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. While saving a dataset astack buffer is used to prepare the data. Prior to versions 8.0.3 and7.0.14, if the data in the dataset is too large, this can result in a stackoverflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, donot use rules with datasets `save` nor `state` options."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-01-27T19:16:00Z", "x_subShortName": "canonical"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"], "vendor": "oisf", "product": "suricata", "versions": [{"status": "affected", "version": "0", "lessThan": "7.0.14", "versionType": "custom"}, {"status": "affected", "version": "8.0.0", "lessThan": "8.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf", "tags": ["patch"]}, {"url": "https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1", "tags": ["patch"]}, {"url": "https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb", "tags": ["patch"]}, {"url": "https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521", "tags": ["patch"]}, {"url": "https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658", "tags": ["patch"]}, {"url": "https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90", "tags": ["patch"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/8110", "tags": ["permissions-required"]}, {"url": "https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options."}, {"lang": "es", "value": "Suricata es un motor IDS, IPS y NSM de red. Mientras se guarda un conjunto de datos, se utiliza un búfer de pila para preparar los datos. Antes de las versiones 8.0.3 y 7.0.14, si los datos en el conjunto de datos son demasiado grandes, esto puede resultar en un desbordamiento de pila. Las versiones 8.0.3 y 7.0.14 contienen un parche. Como solución alternativa, no utilice reglas con las opciones 'save' ni 'state' de los conjuntos de datos."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121"}, {"lang": "en", "cweId": "CWE-787", "description": "CWE-787"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2026-01-27T19:16:14Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2026-22262", "state": "PUBLISHED", "dateUpdated": "2026-01-29T21:01:55Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-27T19:16:14Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.0"}