CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2019-10051
https://notcve.org/view.php?id=CVE-2019-10051
28 Aug 2019 — An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes. Se descubrió un problema en Suricata 4.1.3. Si la función filetracker_newchunk encuentra un elemento inseguro "Some (sfcm) => {ft.new_chunk}", el programa ingresa una condición de error smb / files.rs y se bloquea. • https://github.com/OISF/suricata/pull/3734 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10053
https://notcve.org/view.php?id=CVE-2019-10053
13 May 2019 — An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow. Se descubrió un problema en Suricata versión 4.1.x anterior a la 4.1.4. Si la entrada de la función SSHParseBanner está compuesta sólo por un carácter, entonces el programa se ejecuta en una sobrelectura de búfer basada en pilas. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10244
https://notcve.org/view.php?id=CVE-2018-10244
04 Apr 2019 — Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. La versión 4.0.4 de Suricata gestiona de manera incorrecta el análisis de las unidades de datos de protocolo (PDU) de EtherNet/IP. Un PDU mal formado puede hacer que el código de análisis lea más allá de los datos asignados porque DecodeENIPPDU en app-layer-en... • https://suricata-ids.org/2018/07/18/suricata-4-0-5-available • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10242
https://notcve.org/view.php?id=CVE-2018-10242
04 Apr 2019 — Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check. La versión 4.0.4 de Suricata gestiona de manera incorrecta el análisis del banner SSH. Un banner SSH mal formado puede hacer que el código de análisis lea más allá de los datos asignados porque SSHParseBanner en app-layer-ssh.c carece de comprobación de longitud. • https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-18956
https://notcve.org/view.php?id=CVE-2018-18956
05 Nov 2018 — The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. La función ProcessMimeEntity en util-decode-mime.c en Suricata, desde la versión 4.x hasta la 4.0.5, permite que los atacantes remotos provoquen una denegación de servicio (segfault y cierre inesperado del demonio) mediante entradas manipulada en el analizador SMTP, t... • https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-November/016316.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10728
https://notcve.org/view.php?id=CVE-2016-10728
23 Jul 2018 — An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection. Se ha descubierto un problema en versiones anteriores a la 3.1.2 de Suricata. • https://github.com/kirillwow/ids_bypass • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-14568
https://notcve.org/view.php?id=CVE-2018-14568
23 Jul 2018 — Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received). Suricata en versiones anteriores a la 4.0.5 detiene la inspección de transmisiones TCP al recibir un TCP RST de un servidor. Esto permite la omisión de la detección debido a que los clientes de Windows TCP continuaban el procesamiento habit... • https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345 •
CVSS: 5.3EPSS: 39%CPEs: 2EXPL: 2CVE-2018-6794 – Suricata < 4.0.4 - IDS Detection Bypass
https://notcve.org/view.php?id=CVE-2018-6794
07 Feb 2018 — Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as u... • https://packetstorm.news/files/id/146638 • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2013-5919
https://notcve.org/view.php?id=CVE-2013-5919
25 Sep 2013 — Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. Suricata anterior a 1.4.6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un registro SSL malformado. • http://secunia.com/advisories/54968 • CWE-20: Improper Input Validation •