Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suricata-ids suricata vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-10052
An issue exists in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.
Suricata-ids Suricata 4.1.3
7.5
CVSSv2
CVE-2019-10053
An issue exists in Suricata 4.1.x prior to 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
Suricata-ids Suricata
7.5
CVSSv2
CVE-2018-10244
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.
Suricata-ids Suricata 4.0.4
5
CVSSv2
CVE-2018-10242
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
Suricata-ids Suricata 4.0.4
Debian Debian Linux 8.0
5
CVSSv2
CVE-2018-18956
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x prior to 4.0.6 allows remote malicious users to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.
Suricata-ids Suricata
5
CVSSv2
CVE-2016-10728
An issue exists in Suricata prior to 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed de...
Suricata-ids Suricata
1 Github repository
5
CVSSv2
CVE-2018-14568
Suricata prior to 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
Suricata-ids Suricata
1 Github repository
5
CVSSv2
CVE-2018-6794
Suricata prior to 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web client...
Suricata-ids Suricata
Debian Debian Linux 8.0
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2013-5919
Suricata prior to 1.4.6 allows remote malicious users to cause a denial of service (crash) via a malformed SSL record.
Suricata-ids Suricata 1.4.4
Suricata-ids Suricata 1.4.3
Openinfosecfoundation Suricata 1.4
Suricata-ids Suricata 1.3.6
Openinfosecfoundation Suricata 1.3
Openinfosecfoundation Suricata
Suricata-ids Suricata 1.3.2
Suricata-ids Suricata 1.3.1
Suricata-ids Suricata 1.4.2
Suricata-ids Suricata 1.4.1
Suricata-ids Suricata 1.3.5
Suricata-ids Suricata 1.3.4
Suricata-ids Suricata 1.3.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2