CVE-2021-37592 — Out-of-bounds Write in Suricata

Severity

9.8CRITICALNVD

EPSS

0.2%

top 63.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 19

Latest updateNov 20

Description

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶NVDoisf/suricata6.0.0 — 6.0.4+1

▶Debianoisf/suricata< 1:6.0.4-1+2

GHSA

GHSA-hxgj-p44f-9x32: Suricata before 5↗2021-11-20

▶

CVEList

CVE-2021-37592: Suricata before 5↗2021-11-19

▶

OSV

CVE-2021-37592: Suricata before 5↗2021-11-19

▶

Debian

CVE-2021-37592: suricata - Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with ...↗2021

▶