7.5

CVE-2019-10056

Exploit

EPSS 0.5%
Veröffentlicht 28.08.2019 21:15:10
Zuletzt bearbeitet 21.11.2024 04:18:17
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Suricata-ids ≫ Suricata Version4.1.3

Suricata-ids ≫ Suricata Version4.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.65

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/

Vendor Advisory

Not Applicable

Release Notes

https://redmine.openinfosecfoundation.org/issues/2946

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-10056

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10056

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10056

EUVD