CVE-2021-35063
https://notcve.org/view.php?id=CVE-2021-35063
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." Suricata versiones anteriores a 5.0.7 y versiones 6.x anteriores a 6.0.3, presenta una "evasión crítica" • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835 https://bugzilla.redhat.com/show_bug.cgi?id=1980453 https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489 https://github.com/OISF/suricata/releases https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL https://security-tracker.debian.org/tracker/ •
CVE-2019-1010279
https://notcve.org/view.php?id=CVE-2019-1010279
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3. • https://github.com/OISF/suricata/pull/3625 https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b https://redmine.openinfosecfoundation.org/issues/2770 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2019-1010251
https://notcve.org/view.php?id=CVE-2019-1010251
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2. • https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b https://redmine.openinfosecfoundation.org/issues/2736 • CWE-20: Improper Input Validation •
CVE-2019-10050
https://notcve.org/view.php?id=CVE-2019-10050
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce https://suricata-ids.org/2019/04/30/suricata-4-1-4-released • CWE-125: Out-of-bounds Read •
CVE-2018-10244
https://notcve.org/view.php?id=CVE-2018-10244
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. La versión 4.0.4 de Suricata gestiona de manera incorrecta el análisis de las unidades de datos de protocolo (PDU) de EtherNet/IP. Un PDU mal formado puede hacer que el código de análisis lea más allá de los datos asignados porque DecodeENIPPDU en app-layer-enip-commmon.c presenta un desbordamiento de enteros durante una comprobación de longitud. • https://suricata-ids.org/2018/07/18/suricata-4-0-5-available • CWE-190: Integer Overflow or Wraparound •