Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 06/01/2020 Updated: 01/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

An issue exists in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets.

Vulnerable Product	Search on Vulmon	Subscribe to Product
suricata-ids suricata 5.0.0
debian debian linux 8.0

NVD-CWE-noinfo https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 https://redmine.openinfosecfoundation.org/issues/3395 https://redmine.openinfosecfoundation.org/issues/3286 https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-18625

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect