CVE-2019-10050
https://notcve.org/view.php?id=CVE-2019-10050
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash. • https://lists.openinfosecfoundation.org/pipermail/oisf-announce https://suricata-ids.org/2019/04/30/suricata-4-1-4-released • CWE-125: Out-of-bounds Read •
CVE-2018-10244
https://notcve.org/view.php?id=CVE-2018-10244
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. La versión 4.0.4 de Suricata gestiona de manera incorrecta el análisis de las unidades de datos de protocolo (PDU) de EtherNet/IP. Un PDU mal formado puede hacer que el código de análisis lea más allá de los datos asignados porque DecodeENIPPDU en app-layer-enip-commmon.c presenta un desbordamiento de enteros durante una comprobación de longitud. • https://suricata-ids.org/2018/07/18/suricata-4-0-5-available • CWE-190: Integer Overflow or Wraparound •
CVE-2018-10242
https://notcve.org/view.php?id=CVE-2018-10242
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check. La versión 4.0.4 de Suricata gestiona de manera incorrecta el análisis del banner SSH. Un banner SSH mal formado puede hacer que el código de análisis lea más allá de los datos asignados porque SSHParseBanner en app-layer-ssh.c carece de comprobación de longitud. • https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html https://suricata-ids.org/2018/07/18/suricata-4-0-5-available • CWE-125: Out-of-bounds Read •
CVE-2018-18956
https://notcve.org/view.php?id=CVE-2018-18956
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. La función ProcessMimeEntity en util-decode-mime.c en Suricata, desde la versión 4.x hasta la 4.0.5, permite que los atacantes remotos provoquen una denegación de servicio (segfault y cierre inesperado del demonio) mediante entradas manipulada en el analizador SMTP, tal y como se explotó "in the wild" en noviembre de 2018. • https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-November/016316.html https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html https://redmine.openinfosecfoundation.org/issues/2658#change-10374 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-10728
https://notcve.org/view.php?id=CVE-2016-10728
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection. Se ha descubierto un problema en versiones anteriores a la 3.1.2 de Suricata. • https://github.com/kirillwow/ids_bypass https://lists.debian.org/debian-lts-announce/2018/09/msg00019.html https://redmine.openinfosecfoundation.org/issues/1880 https://suricata-ids.org/2016/09/07/suricata-3-1-2-released • CWE-20: Improper Input Validation •