#VU35905 Integer underflow in Suricata - CVE-2019-10053

Cybersecurity Help s.r.o.

Published: 2019-05-13 | Updated: 2020-08-08

Vulnerability identifier: #VU35905

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-10053

CWE-ID: CWE-191

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Suricata
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Open Information Security Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for results in an integer underflow.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Suricata: 4.1.0 - 4.1.3

External links
https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Suricata