PT-2019-11405 · Open Information Security Foundation · Suricata

Publicado

2019-08-28

Atualizado

2021-07-21

CVE-2019-10054

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Suricata version 4.1.3

Description: An issue was discovered in the function process reply record v3 where it lacks a check for the length of reply.data, causing an invalid memory access and resulting in the program crashing within the nfs/nfs3.rs file.

Recommendations: For Suricata version 4.1.3, consider applying a patch or fix that adds a length check for reply.data in the process reply record v3 function to prevent invalid memory access and program crashes.

Exploit

Correção

Integer Underflow

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-191CWE-20

Identificadores relacionados

CVE-2019-10054

Produtos afetados

Suricata

PT-2019-11405 · Open Information Security Foundation · Suricata

CVE-2019-10054

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9