CVE-2019-10052: Improper Neutralization in Suricata

Severity: 7.5 HIGH (NVD)
EPSS: 0.6% (top 30.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 28; latest update May 24

Description

An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian oisf/suricata < 1:4.1.4-1+3

🔴 Vulnerability Details (3)

GHSA: GHSA-7j9m-fcrr-vgjh: An issue was discovered in Suricata 4 (2022-05-24)
OSV: CVE-2019-10052: An issue was discovered in Suricata 4 (2019-08-28)
CVEList: CVE-2019-10052: An issue was discovered in Suricata 4 (2019-08-28)

📋 Vendor Advisories (1)

Debian: CVE-2019-10052: suricata - An issue was discovered in Suricata 4.1.3. If the network packet does not have t... (2019)

💬 Community (3)

Bugzilla: CVE-2019-10052 suricata: rust environment runs into panic in parse_clientid_option in dhcp/parser.rs when parser tries to access DHCP packet (2019-08-29)
Bugzilla: CVE-2019-10052 suricata: rust environment runs into panic in parse_clientid_option in dhcp/parser.rs when parser tries to access DHCP packet [fedora-all] (2019-08-29)
Bugzilla: CVE-2019-10052 suricata: rust environment runs into panic in parse_clientid_option in dhcp/parser.rs when parser tries to access DHCP packet [epel-7] (2019-08-29)