CVE-2019-1010279

Published: Jul 18, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.

Affected (1)

Products: Oisf: Suricata

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oisf Suricata	Before 4.1.3

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (6)

https://github.com/OISF/suricata/pull/3625

Source: josh@bress.net

Third Party Advisory

https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b

Source: josh@bress.net

PatchThird Party Advisory

https://redmine.openinfosecfoundation.org/issues/2770

Source: josh@bress.net

ExploitVendor Advisory

https://github.com/OISF/suricata/pull/3625

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://redmine.openinfosecfoundation.org/issues/2770

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.