
CVE-2021-45098
https://notcve.org/view.php?id=CVE-2021-45098
16 Dec 2021 — An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. • https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 •

CVE-2021-37592
https://notcve.org/view.php?id=CVE-2021-37592
19 Nov 2021 — Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. • https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 • CWE-787: Out-of-bounds Write •

CVE-2021-35063
https://notcve.org/view.php?id=CVE-2021-35063
22 Jul 2021 — Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835 •

CVE-2019-18625
https://notcve.org/view.php?id=CVE-2019-18625
06 Jan 2020 — An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any TCP-based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject an RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both Linux and Windows clients ignore the injected packets. • https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 •

CVE-2019-18792
https://notcve.org/view.php?id=CVE-2019-18792
06 Jan 2020 — An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any TCP-based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ACK numbers are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. • https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b • CWE-436: Interpretation Conflict •

CVE-2019-17420
https://notcve.org/view.php?id=CVE-2019-17420
09 Oct 2019 — In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. • https://github.com/OISF/libhtp/compare/0.5.30...0.5.31 • CWE-459: Incomplete Cleanup •

CVE-2019-16410
https://notcve.org/view.php?id=CVE-2019-16410
24 Sep 2019 — An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce • CWE-125: Out-of-bounds Read •

CVE-2019-16411
https://notcve.org/view.php?id=CVE-2019-16411
24 Sep 2019 — An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce • CWE-125: Out-of-bounds Read •

CVE-2019-15699
https://notcve.org/view.php?id=CVE-2019-15699
24 Sep 2019 — An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce • CWE-125: Out-of-bounds Read •

CVE-2019-10056
https://notcve.org/view.php?id=CVE-2019-10056
28 Aug 2019 — An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. • https://redmine.openinfosecfoundation.org/issues/2946 • CWE-787: Out-of-bounds Write •