Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suricata vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-1010279
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://g...
Oisf Suricata
7.5
CVSSv3
CVE-2019-1010251
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, d...
Oisf Suricata 4.1.0
Oisf Suricata 4.0.2
Oisf Suricata 4.0.3
Oisf Suricata 4.0.5
7.5
CVSSv3
CVE-2019-10050
A buffer over-read issue exists in Suricata 4.1.x prior to 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the...
Oisf Suricata
7.5
CVSSv3
CVE-2018-10242
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
Suricata-ids Suricata 4.0.4
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2018-18956
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x prior to 4.0.6 allows remote malicious users to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.
Suricata-ids Suricata
7.5
CVSSv3
CVE-2018-14568
Suricata prior to 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
Suricata-ids Suricata
1 Github repository
7.5
CVSSv3
CVE-2017-15377
In Suricata prior to 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should aft...
Openinfosecfoundation Suricata
7.5
CVSSv3
CVE-2017-7177
Suricata prior to 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
Openinfosecfoundation Suricata
7.3
CVSSv3
CVE-2014-9769
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote malicious users to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets...
Pcre Pcre 8.35
5.3
CVSSv3
CVE-2019-17420
In OISF LibHTP prior to 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
Oisf Libhtp
Suricata-ids Suricata 4.1.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »