Multiple vulnerabilities in Suricata
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-10053 CVE-2019-10050 |
| CWE-ID | CWE-191 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Suricata Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Open Information Security Foundation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Integer underflow
EUVDB-ID: #VU35905
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-10053
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for results in an integer underflow.
MitigationInstall update from vendor's website.
Vulnerable software versionsSuricata: 4.1.0 - 4.1.3
CPE2.3 External linkshttps://lists.openinfosecfoundation.org/pipermail/oisf-announce/
https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU35906
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-10050
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash. A remote attacker can perform a denial of service attack.
MitigationUpdate to version 4.1.4.
Vulnerable software versionsSuricata: 4.0.0 - 4.1.3
CPE2.3- cpe:2.3:a:oisf:suricata:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oisf:suricata:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oisf:suricata:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oisf:suricata:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oisf:suricata:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oisf:suricata:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oisf:suricata:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oisf:suricata:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oisf:suricata:4.1.3:*:*:*:*:*:*:*
https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
