CVE-2019-10055Integer Overflow or Wraparound in Suricata

CWE-190Integer Overflow or WraparoundCWE-617Reachable AssertionCWE-20Improper Input Validation6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oisf SuricataSuricata-ids Suricata
Timeline
PublishedAug 28
Latest updateMay 24

Description

An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Debianoisf/suricata< 1:4.1.4-1+3

🔴Vulnerability Details

3
GHSA
GHSA-324r-273m-p2rj: An issue was discovered in Suricata 42022-05-24
CVEList
CVE-2019-10055: An issue was discovered in Suricata 42019-08-28
OSV
CVE-2019-10055: An issue was discovered in Suricata 42019-08-28

📋Vendor Advisories

1
Debian
CVE-2019-10055: suricata - An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks ...2019

💬Community

1
Bugzilla
CVE-2019-10055 suricata: denial of service in ftp_pasv_response2019-09-05
CVE-2019-10055 — Integer Overflow or Wraparound | cvebase