Suricata-ids Suricata
14 CVEs affecting Suricata-ids Suricata. Latest disclosed: 2019-10-10. Critical: 4, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-16411 | Critical | 9.8 | 2019-09-24 | An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4… |
CVE-2019-10053 | Critical | 9.8 | 2019-05-13 | An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs i… |
CVE-2019-16410 | Critical | 9.1 | 2019-09-24 | An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory reg… |
CVE-2019-15699 | Critical | 9.1 | 2019-09-24 | An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions… |
CVE-2019-10056 | High | 7.5 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet… |
CVE-2019-10055 | High | 7.5 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mo… |
CVE-2019-10054 | High | 7.5 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access… |
CVE-2019-10052 | High | 7.5 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this po… |
CVE-2019-10051 | High | 7.5 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program en… |
CVE-2018-18956 | High | 7.5 | 2018-11-05 | The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon cra… |
CVE-2018-14568 | High | 7.5 | 2018-07-23 | Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal pr… |
CVE-2019-17420 | Medium | 5.3 | 2019-10-10 | In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a r… |
CVE-2016-10728 | Medium | 5.3 | 2018-07-23 | An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses t… |
CVE-2018-6794 | Medium | 5.3 | 2018-02-07 | Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends… |