CVE-2019-16410 — Out-of-bounds Read in Suricata
Severity
9.1CRITICALNVD
EPSS
0.7%
top 28.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 24
Latest updateMay 24
Description
An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2
Affected Packages2 packages
🔴Vulnerability Details
3📋Vendor Advisories
1Debian▶
CVE-2019-16410: suricata - An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 p...↗2019