Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suricata-ids vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-18625
An issue exists in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignor...
Suricata-ids Suricata 5.0.0
Debian Debian Linux 8.0
9.1
CVSSv3
CVE-2019-18792
An issue exists in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be igno...
Suricata-ids Suricata
Suricata-ids Suricata 5.0.0
Debian Debian Linux 8.0
5.3
CVSSv3
CVE-2019-17420
In OISF LibHTP prior to 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
Oisf Libhtp
Suricata-ids Suricata 4.1.4
9.1
CVSSv3
CVE-2019-16410
An issue exists in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking.
Suricata-ids Suricata 4.1.4
9.1
CVSSv3
CVE-2019-15699
An issue exists in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real ...
Suricata-ids Suricata 4.1.4
9.8
CVSSv3
CVE-2019-16411
An issue exists in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of head...
Suricata-ids Suricata 4.1.4
7.5
CVSSv3
CVE-2019-10054
An issue exists in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.
Suricata-ids Suricata 4.1.3
7.5
CVSSv3
CVE-2019-10056
An issue exists in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't d...
Suricata-ids Suricata 4.1.3
Suricata-ids Suricata 4.1.4
7.5
CVSSv3
CVE-2019-10055
An issue exists in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.
Suricata-ids Suricata 4.1.4
7.5
CVSSv3
CVE-2019-10051
An issue exists in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes.
Suricata-ids Suricata 4.1.4
Suricata-ids Suricata 4.1.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »