Suricata
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8954 | Cri | 0.64 | 9.8 | 0.03 | Mar 20, 2017 | The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. | ||
| CVE-2018-14568 | Hig | 0.42 | 7.5 | 0.02 | Jul 23, 2018 | Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received). | ||
| CVE-2016-10728 | Med | 0.28 | 5.3 | 0.02 | Jul 23, 2018 | An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to… | ||
| CVE-2015-0971 | 0.00 | — | 0.01 | May 14, 2015 | The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. | |||
| CVE-2013-5919 | 0.00 | — | 0.02 | May 30, 2014 | Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. |
- risk 0.64cvss 9.8epss 0.03
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
- risk 0.42cvss 7.5epss 0.02
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
- risk 0.28cvss 5.3epss 0.02
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to…
- CVE-2015-0971May 14, 2015risk 0.00cvss —epss 0.01
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.
- CVE-2013-5919May 30, 2014risk 0.00cvss —epss 0.02
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.