Input validation error in Suricata - CVE-2018-14568

 


Published: July 23, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36824
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-14568
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Open Information Security Foundation
Affected software:
Suricata

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
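A detection-side illustration of the behaviour described above, added here and not taken from Suricata or from this advisory: it scans packet records for payload sent in the same direction shortly after a TCP RST, which is the traffic an affected sensor would no longer inspect. The record format, the addresses and the one-second window are constructed assumptions.

```python
from collections import namedtuple

# Constructed record format (an assumption): time in seconds, endpoints as
# "ip:port", TCP flags as letters (S, A, P, F, R), payload length in bytes.
Pkt = namedtuple("Pkt", "ts src dst flags payload_len")

RST_WINDOW = 1.0  # assumption: seconds after an RST in which late data is flagged


def data_after_rst(packets, window=RST_WINDOW):
    """Map (src, dst) -> payload bytes sent by src within `window` s of its own RST."""
    last_rst = {}  # (src, dst) -> time of the latest RST sent in that direction
    hits = {}
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        key = (p.src, p.dst)
        if "R" in p.flags:
            last_rst[key] = p.ts
        elif "S" in p.flags:
            # A new handshake reuses the 4-tuple: forget RSTs of the old connection.
            last_rst.pop(key, None)
            last_rst.pop((p.dst, p.src), None)
        elif p.payload_len > 0 and key in last_rst and p.ts - last_rst[key] <= window:
            hits[key] = hits.get(key, 0) + p.payload_len
    return hits


SRV, CLI_A, CLI_B = "203.0.113.10:80", "192.0.2.20:49152", "192.0.2.21:49153"

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = [
    Pkt(0.000, CLI_A, SRV, "S", 0),
    Pkt(0.001, SRV, CLI_A, "SA", 0),
    Pkt(0.002, CLI_A, SRV, "PA", 120),
    Pkt(0.010, SRV, CLI_A, "R", 0),      # server reset
    Pkt(0.012, SRV, CLI_A, "PA", 512),   # data right after the reset
    Pkt(0.013, SRV, CLI_A, "PA", 300),
    Pkt(0.000, CLI_B, SRV, "S", 0),
    Pkt(0.001, SRV, CLI_B, "SA", 0),
    Pkt(0.020, SRV, CLI_B, "R", 0),      # reset with nothing after it
    Pkt(0.500, CLI_B, SRV, "S", 0),      # reconnect on the same 4-tuple
    Pkt(0.501, SRV, CLI_B, "SA", 0),
    Pkt(0.502, SRV, CLI_B, "PA", 200),   # data of the new connection, not flagged
]

if __name__ == "__main__":
    for (src, dst), nbytes in data_after_rst(SAMPLE).items():
        print(f"{src} -> {dst}: {nbytes} payload bytes after RST")
```

Flows flagged this way on a sensor running a version before 4.0.5 are the ones whose post-RST payload went uninspected and are worth reviewing from full packet capture.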


How to mitigate CVE-2018-14568

Install the update from the vendor's website. Suricata versions before 4.0.5 are affected.
