CVE-2019-10055
https://notcve.org/view.php?id=CVE-2019-10055
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.
• https://redmine.openinfosecfoundation.org/issues/2949 https://suricata-ids.org/2019/04/30/suricata-4-1-4-released
• CWE-190: Integer Overflow or Wraparound; CWE-617: Reachable Assertion
CVE-2019-10054
https://notcve.org/view.php?id=CVE-2019-10054
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.
• https://redmine.openinfosecfoundation.org/issues/2943 https://suricata-ids.org/2019/04/30/suricata-4-1-4-released
• CWE-20: Improper Input Validation; CWE-191: Integer Underflow (Wrap or Wraparound)
CVE-2019-10052
https://notcve.org/view.php?id=CVE-2019-10052
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.
• https://redmine.openinfosecfoundation.org/issues/2902 https://redmine.openinfosecfoundation.org/issues/2947 https://suricata-ids.org/2019/04/30/suricata-4-1-4-released
• CWE-707: Improper Neutralization
CVE-2019-10051
https://notcve.org/view.php?id=CVE-2019-10051
An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes.
• https://github.com/OISF/suricata/pull/3734 https://redmine.openinfosecfoundation.org/issues/2896 https://suricata-ids.org/2019/04/30/suricata-4-1-4-released
• CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2019-1010279
https://notcve.org/view.php?id=CVE-2019-1010279
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
• https://github.com/OISF/suricata/pull/3625 https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b https://redmine.openinfosecfoundation.org/issues/2770
• CWE-347: Improper Verification of Cryptographic Signature