PT-2019-14666 · Open Information Security Foundation · Suricata

Publicado

2019-09-24

Atualizado

2019-10-18

CVE-2019-16410

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Suricata version 4.1.4

Description An issue was discovered where sending multiple fragmented IPv4 packets causes the function Defrag4Reassemble in defrag.c to try to access a memory region that is not allocated. This occurs due to a lack of header len checking.

Recommendations For Suricata version 4.1.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

CVE-2019-16410

Produtos afetados

Suricata

PT-2019-14666 · Open Information Security Foundation · Suricata

CVE-2019-16410

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10