CVE-2019-1010251
https://notcve.org/view.php?id=CVE-2019-1010251
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2. • https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b https://redmine.openinfosecfoundation.org/issues/2736 • CWE-20: Improper Input Validation •
CVE-2019-10053
https://notcve.org/view.php?id=CVE-2019-10053
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow. Se descubrió un problema en Suricata versión 4.1.x anterior a la 4.1.4. Si la entrada de la función SSHParseBanner está compuesta sólo por un carácter, entonces el programa se ejecuta en una sobrelectura de búfer basada en pilas. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce https://suricata-ids.org/2019/04/30/suricata-4-1-4-released • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2019-10050
https://notcve.org/view.php?id=CVE-2019-10050
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce https://suricata-ids.org/2019/04/30/suricata-4-1-4-released • CWE-125: Out-of-bounds Read •