Suricata
by Oisf
Source repositories
CVEs (80)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18792 | 0.00 | — | 0.03 | Jan 6, 2020 | An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data)… | |||
| CVE-2019-17420 | 0.00 | — | 0.01 | Oct 9, 2019 | In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. | |||
| CVE-2019-16410 | 0.00 | — | 0.02 | Sep 24, 2019 | An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. | |||
| CVE-2019-16411 | 0.00 | — | 0.02 | Sep 24, 2019 | An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of… | |||
| CVE-2019-15699 | 0.00 | — | 0.02 | Sep 24, 2019 | An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match… | |||
| CVE-2019-10056 | 0.00 | — | 0.01 | Aug 28, 2019 | An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and… | |||
| CVE-2019-10055 | 0.00 | — | 0.01 | Aug 28, 2019 | An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file. | |||
| CVE-2019-10054 | 0.00 | — | 0.01 | Aug 28, 2019 | An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file. | |||
| CVE-2019-10052 | 0.00 | — | 0.02 | Aug 28, 2019 | An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file. | |||
| CVE-2019-10051 | 0.00 | — | 0.02 | Aug 28, 2019 | An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes. | |||
| CVE-2019-1010279 | 0.00 | — | 0.01 | Jul 18, 2019 | Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c… | |||
| CVE-2019-1010251 | 0.00 | — | 0.02 | Jul 18, 2019 | Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c,… | |||
| CVE-2019-10053 | 0.00 | — | 0.02 | May 13, 2019 | An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow. | |||
| CVE-2019-10050 | 0.00 | — | 0.01 | May 13, 2019 | A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can… | |||
| CVE-2018-10244 | 0.00 | — | 0.02 | Apr 4, 2019 | Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. | |||
| CVE-2018-10242 | 0.00 | — | 0.02 | Apr 4, 2019 | Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check. | |||
| CVE-2018-18956 | 0.00 | — | 0.03 | Nov 5, 2018 | The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. | |||
| CVE-2015-0971 | 0.00 | — | 0.01 | May 14, 2015 | The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. | |||
| CVE-2014-6603 | 0.00 | — | 0.03 | Oct 7, 2014 | The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an… | |||
| CVE-2013-5919 | 0.00 | — | 0.02 | May 30, 2014 | Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. |
- CVE-2019-18792Jan 6, 2020risk 0.00cvss —epss 0.03
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data)…
- CVE-2019-17420Oct 9, 2019risk 0.00cvss —epss 0.01
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
- CVE-2019-16410Sep 24, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking.
- CVE-2019-16411Sep 24, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of…
- CVE-2019-15699Sep 24, 2019risk 0.00cvss —epss 0.02
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match…
- CVE-2019-10056Aug 28, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and…
- CVE-2019-10055Aug 28, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.
- CVE-2019-10054Aug 28, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.
- CVE-2019-10052Aug 28, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.
- CVE-2019-10051Aug 28, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes.
- CVE-2019-1010279Jul 18, 2019risk 0.00cvss —epss 0.01
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c…
- CVE-2019-1010251Jul 18, 2019risk 0.00cvss —epss 0.02
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c,…
- CVE-2019-10053May 13, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
- CVE-2019-10050May 13, 2019risk 0.00cvss —epss 0.01
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can…
- CVE-2018-10244Apr 4, 2019risk 0.00cvss —epss 0.02
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.
- CVE-2018-10242Apr 4, 2019risk 0.00cvss —epss 0.02
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
- CVE-2018-18956Nov 5, 2018risk 0.00cvss —epss 0.03
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.
- CVE-2015-0971May 14, 2015risk 0.00cvss —epss 0.01
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.
- CVE-2014-6603Oct 7, 2014risk 0.00cvss —epss 0.03
The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an…
- CVE-2013-5919May 30, 2014risk 0.00cvss —epss 0.02
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
Page 4 of 4