Denial of service in Suricata

Published: 2018-11-07 13:32:50 | Updated: 2018-11-07
Severity High
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-18956
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software Suricata
Vulnerable software versions Suricata 4.0.5
Suricata 4.0.2
Suricata 4.0.4

Show more

Vendor URL Open Information Security Foundation

Security Advisory

1) Segmentation fault


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to segmentation fault in the ProcessMimeEntity function in util-decode-mime.c when handling malicious input. A remote attacker can supply specially crafted input to the SMTP parser, trigger segfault and cause daemon crash.

Note: according to MITRE statement, the vulnerability has been exploited in the wild in November 2018.


Update to version 4.1.

External links

Back to List