
CVE-2019-18792
https://notcve.org/view.php?id=CVE-2019-18792
06 Jan 2020 — An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. • https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b • CWE-436: Interpretation Conflict •

CVE-2019-17420
https://notcve.org/view.php?id=CVE-2019-17420
09 Oct 2019 — In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. En OISF LibHTP versiones anteriores a 0.5.31, como es usado en Suricata versión 4.1.4 y otros productos, un error de análisis del protocolo HTTP hace que la firma http_header no avise en una respuesta con un solo \r\n al final. • https://github.com/OISF/libhtp/compare/0.5.30...0.5.31 • CWE-459: Incomplete Cleanup •

CVE-2019-16410
https://notcve.org/view.php?id=CVE-2019-16410
24 Sep 2019 — An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. Se detectó un problema en Suricata versión 4.1.4. Mediante el envío de múltiples paquetes IPv4 fragmentados, la función Defrag4Reassemble en el archivo defrag.c intenta acceder a una región de memoria que no está asignada, debido a una falta de comprobación de header_len. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce • CWE-125: Out-of-bounds Read •

CVE-2019-16411
https://notcve.org/view.php?id=CVE-2019-16411
24 Sep 2019 — An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead. Se detectó un problema en Suricata versión 4.1.4. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce • CWE-125: Out-of-bounds Read •

CVE-2019-15699
https://notcve.org/view.php?id=CVE-2019-15699
24 Sep 2019 — An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. Se detectó un problema en el archivo app-layer-ssl.c en Suricata versión 4.1.4. Tras recibir un paquete SSLv3 (TLS 1.2) corrupto, la función de analizador TLSDecodeHSHelloE... • https://lists.openinfosecfoundation.org/pipermail/oisf-announce • CWE-125: Out-of-bounds Read •

CVE-2019-10056
https://notcve.org/view.php?id=CVE-2019-10056
28 Aug 2019 — An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. • https://redmine.openinfosecfoundation.org/issues/2946 • CWE-787: Out-of-bounds Write •

CVE-2019-10055
https://notcve.org/view.php?id=CVE-2019-10055
28 Aug 2019 — An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file. Se descubrió un problema en Suricata 4.1.3. La función ftp_pasv_response carece de una verificación de la longitud de part1 y part2, lo que provoca un bloqueo dentro del archivo ftp / mod.rs. • https://redmine.openinfosecfoundation.org/issues/2949 • CWE-190: Integer Overflow or Wraparound CWE-617: Reachable Assertion •

CVE-2019-10054
https://notcve.org/view.php?id=CVE-2019-10054
28 Aug 2019 — An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file. Se descubrió un problema en Suricata 4.1.3. La función process_reply_record_v3 carece de una verificación para la longitud de reply.data. • https://redmine.openinfosecfoundation.org/issues/2943 • CWE-20: Improper Input Validation CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2019-10052
https://notcve.org/view.php?id=CVE-2019-10052
28 Aug 2019 — An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file. Se descubrió un problema en Suricata 4.1.3. Si el paquete de red no tiene la longitud correcta, el analizador intenta acceder a una parte de un paquete DHCP. • https://redmine.openinfosecfoundation.org/issues/2902 • CWE-707: Improper Neutralization •

CVE-2019-10051
https://notcve.org/view.php?id=CVE-2019-10051
28 Aug 2019 — An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes. Se descubrió un problema en Suricata 4.1.3. Si la función filetracker_newchunk encuentra un elemento inseguro "Some (sfcm) => {ft.new_chunk}", el programa ingresa una condición de error smb / files.rs y se bloquea. • https://github.com/OISF/suricata/pull/3734 • CWE-754: Improper Check for Unusual or Exceptional Conditions •