OISF Suricata vulnerabilities

85 known vulnerabilities affecting oisf/suricata.

Total CVEs: 85
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 12, HIGH 58, MEDIUM 15

Vulnerabilities

Page 4 of 5
CVE-2019-16411 | CRITICAL | CVSS 9.8 | ≥ 0, < 1:4.1.5-1 | 2019-09-24
CVE-2019-16411 [CRITICAL] An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.
osv
CVE-2019-15699 | CRITICAL | CVSS 9.1 | ≥ 0, < 1:4.1.5-1 | 2019-09-24
CVE-2019-15699 [CRITICAL] An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.
osv
CVE-2019-10052 | HIGH | CVSS 7.5 | ≥ 0, < 1:4.1.4-1 | 2019-08-28
CVE-2019-10052 [HIGH] An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.
osv
CVE-2019-10051 | HIGH | CVSS 7.5 | ≥ 0, < 1:4.1.4-1 | 2019-08-28
CVE-2019-10051 [HIGH] An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes.
osv
CVE-2019-10055 | HIGH | CVSS 7.5 | ≥ 0, < 1:4.1.4-1 | 2019-08-28
CVE-2019-10055 [HIGH] An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.
osv
CVE-2019-10054 | HIGH | CVSS 7.5 | ≥ 0, < 1:4.1.4-1 | 2019-08-28
CVE-2019-10054 [HIGH] An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.
osv
CVE-2019-10056 | HIGH | CVSS 7.5 | ≥ 0, < 1:4.1.4-1 | 2019-08-28
CVE-2019-10056 [HIGH] An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is workin
osv
CVE-2019-1010279 | HIGH | CVSS 7.5 | fixed in 4.1.3 | 2019-07-18
CVE-2019-1010279 [HIGH] CWE-347 Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65f
nvd, osv
CVE-2019-1010251 | HIGH | CVSS 7.5 | v4.0.2, v4.0.3, +2 more | 2019-07-18
CVE-2019-1010251 [HIGH] CWE-20 Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specially formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pul
nvd, osv
CVE-2019-10053 | CRITICAL | CVSS 9.8 | ≥ 0, < 1:4.1.4-1 | 2019-05-13
CVE-2019-10053 [CRITICAL] An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
osv
CVE-2019-10050 | HIGH | CVSS 7.5 | ≥ 4.0.0, < 4.1.4 | 2019-05-13
CVE-2019-10050 [HIGH] CWE-125 A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. A
nvd, osv
CVE-2018-10244 | CRITICAL | CVSS 9.8 | v4.0.4 | 2019-04-04
CVE-2018-10244 [CRITICAL] CWE-190 Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-common.c has an integer overflow during a length check.
nvd, osv
CVE-2018-10243 | CRITICAL | CVSS 9.8 | ≥ 0, < 1:4.0.0-1 | 2019-04-04
CVE-2018-10243 [CRITICAL] htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
osv
CVE-2018-10242 | HIGH | CVSS 7.5 | v4.0.4 | 2019-04-04
CVE-2018-10242 [HIGH] CWE-125 Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
nvd, osv
CVE-2018-18956 | HIGH | CVSS 7.5 | Exploited | ≥ 0, < 1:4.0.6-1 | 2018-11-05
CVE-2018-18956 [HIGH] The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.
osv
CVE-2018-14568 | HIGH | CVSS 7.5 | ≥ 0, < 1:4.0.5-1 | 2018-07-23
CVE-2018-14568 [HIGH] Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
osv
CVE-2016-10728 | MEDIUM | CVSS 5.3 | ≥ 0, < 3.1.2-1 | 2018-07-23
CVE-2016-10728 [MEDIUM] An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.
osv
CVE-2018-6794 | MEDIUM | CVSS 5.3 | PoC | ≥ 0, < 1:4.0.4-1 | 2018-02-07
CVE-2018-6794 [MEDIUM] Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream conten
osv
CVE-2017-15377 | HIGH | CVSS 7.5 | ≥ 0, < 1:4.0.0-1 | 2017-10-23
CVE-2017-15377 [HIGH] In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).
osv
CVE-2015-0928 | HIGH | CVSS 7.5 | ≥ 0, < 2.0.7-1 | 2017-08-28
CVE-2015-0928 [HIGH] libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).
osv