PT-2019-11407 · Open Information Security Foundation · Suricata

Published: 2019-08-28 · Updated: 2021-07-21 · CVE-2019-10056

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Suricata version 4.1.3
Description: The vulnerability lies in the handling of network packets in the DecodeEthernet function. When a packet of the triggering type is received, the function is executed twice: the algorithm strips the first part of the packet and then fails to determine the packet's current length. For instance, a packet exactly 28 bytes long is processed incorrectly, and the program crashes when it attempts to cast the packet without a type.
Recommendations: For Suricata version 4.1.3, update to a newer version that addresses this issue, since this version's handling of specific network packet types can lead to a crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Related Identifiers: CVE-2019-10056

Affected Products: Suricata