CVE-2021-45098Suricata vulnerability

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oisf SuricataDebian Linux
Timeline
PublishedDec 16
Latest updateDec 17

Description

An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suric

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDoisf/suricata< 6.0.4
Debianoisf/suricata< 1:6.0.1-3+deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: github.comPatch: redmine.openinfosecfoundation.orgPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-cfcf-x7x2-gpf8: An issue was discovered in Suricata before 62021-12-17
OSV
CVE-2021-45098: An issue was discovered in Suricata before 62021-12-16
CVEList
CVE-2021-45098: An issue was discovered in Suricata before 62021-12-16

📋Vendor Advisories

1
Debian
CVE-2021-45098: suricata - An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade...2021
CVE-2021-45098 — Oisf Suricata vulnerability | cvebase