VYPR
Unrated severityNVD Advisory· Published Sep 24, 2019· Updated Aug 5, 2024

CVE-2019-15699

CVE-2019-15699

Description

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.

Affected products

2
  • Suricata/Suricatadescription
  • Oisf/Suricatallm-fuzzy
    Range: = 4.1.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.