CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-18956
https://notcve.org/view.php?id=CVE-2018-18956
05 Nov 2018 — The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. La función ProcessMimeEntity en util-decode-mime.c en Suricata, desde la versión 4.x hasta la 4.0.5, permite que los atacantes remotos provoquen una denegación de servicio (segfault y cierre inesperado del demonio) mediante entradas manipulada en el analizador SMTP, t... • https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-November/016316.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10728
https://notcve.org/view.php?id=CVE-2016-10728
23 Jul 2018 — An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection. Se ha descubierto un problema en versiones anteriores a la 3.1.2 de Suricata. • https://github.com/kirillwow/ids_bypass • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-14568
https://notcve.org/view.php?id=CVE-2018-14568
23 Jul 2018 — Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received). Suricata en versiones anteriores a la 4.0.5 detiene la inspección de transmisiones TCP al recibir un TCP RST de un servidor. Esto permite la omisión de la detección debido a que los clientes de Windows TCP continuaban el procesamiento habit... • https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345 •
CVSS: 5.3EPSS: 39%CPEs: 2EXPL: 2CVE-2018-6794 – Suricata < 4.0.4 - IDS Detection Bypass
https://notcve.org/view.php?id=CVE-2018-6794
07 Feb 2018 — Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as u... • https://packetstorm.news/files/id/146638 • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15377
https://notcve.org/view.php?id=CVE-2017-15377
23 Oct 2017 — In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default). En Suricata en versiones anteriores a las 4.x, era posible desencadenar numerosos chequeos redundantes en el contenido del trafico de ... • https://github.com/OISF/suricata/commit/b9579fbe7dd408200ef03cbe20efddb624b73885 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-8954
https://notcve.org/view.php?id=CVE-2015-8954
20 Mar 2017 — The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. La función MemcmpLowercase en Suricata en versiones anteriores a 2.0.6 excluye incorrectamente el primer byte de las comparaciones, lo que podría permitir a atacantes remotos eludir la funcionalidad de prevención de intrusiones a través de una solicitud HTTP manipulada. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7177
https://notcve.org/view.php?id=CVE-2017-7177
18 Mar 2017 — Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. Suricata en versiones anteriores a 3.2.1 tiene un problema de evasión de desfragmentación IPv4 provocado por la falta de una comprobación para el protocolo IP durante la coincidencia de fragmentos. • http://www.securityfocus.com/bid/97047 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0971 – Debian Security Advisory 3254-1
https://notcve.org/view.php?id=CVE-2015-0971
11 May 2015 — The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. El analizador sintáctico DER en Suricata anterior a 2.0.8 permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores relacionados con certificados SSL/TLS. Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this f... • http://suricata-ids.org/2015/05/06/suricata-2-0-8-available • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2014-6603 – Suricata 2.0.3 out of Bounds Access
https://notcve.org/view.php?id=CVE-2014-6603
24 Sep 2014 — The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write. La función SSHParseBanner en SSH parser (app-layer-ssh.c) en Suricata anterior a 2.0.4 permite a atacantes remotos evadir las normas SSH, causar una denegación de servicio (caída), o posiblemente tener otro impacto ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139630.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2013-5919
https://notcve.org/view.php?id=CVE-2013-5919
25 Sep 2013 — Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. Suricata anterior a 1.4.6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un registro SSL malformado. • http://secunia.com/advisories/54968 • CWE-20: Improper Input Validation •