PT-2019-11401 · Open Information Security Foundation+1 · Suricata+1

Published: 2019-05-13 · Updated: 2025-07-28 · CVE-2019-10050

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Suricata versions 4.1.x through 4.1.3
Description: A buffer over-read issue was discovered. If the input of the decode-mpls.c function DecodeMPLS consists only of a source address and a destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow so that the loop condition is met, leaving a network packet with a length of 2 bytes. This length is not validated, so the code later attempts to read at an empty position, causing a crash.
Recommendations: For Suricata versions 4.1.x through 4.1.3, update to version 4.1.4 or later to resolve the issue.
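
The length handling described above, shown as an added example (not Suricata's code and not part of the original advisory): a label-stack walk that checks the remaining length before every shim and again after the loop exits. The function name, the depth cap and the sample frame are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MPLS_SHIM_LEN  4u  /* label(20) | TC(3) | S(1) | TTL(8) */
#define MPLS_MAX_DEPTH 16u /* assumed cap on stack depth, for this example */

enum mpls_result { MPLS_IPV4, MPLS_IPV6, MPLS_UNKNOWN, MPLS_INVALID };

/* Hypothetical helper: walk the label stack in pkt[0..len) and classify what
 * follows it. *payload_off is meaningful only if the result is not MPLS_INVALID. */
enum mpls_result mpls_classify(const uint8_t *pkt, size_t len, size_t *payload_off)
{
    size_t off = 0;
    unsigned depth = 0;
    int bottom = 0;

    while (!bottom) {
        /* Check before every shim read, not only before the first one. */
        if (len - off < MPLS_SHIM_LEN || depth++ >= MPLS_MAX_DEPTH)
            return MPLS_INVALID;
        bottom = pkt[off + 2] & 0x01; /* S bit: bottom of stack */
        off += MPLS_SHIM_LEN;
    }

    /* Leaving the loop says nothing about how much data follows, so the
     * remaining length is validated before the payload is touched. */
    size_t remaining = len - off;
    if (remaining < 1)
        return MPLS_INVALID;
    *payload_off = off;
    switch (pkt[off] >> 4) {
    case 4:  return remaining >= 20 ? MPLS_IPV4 : MPLS_INVALID; /* min IPv4 header */
    case 6:  return remaining >= 40 ? MPLS_IPV6 : MPLS_INVALID; /* fixed IPv6 header */
    default: return MPLS_UNKNOWN;
    }
}

int main(void)
{
    /* Constructed sample: one shim with S=1, then only 2 bytes of payload. */
    const uint8_t frame[] = { 0x00, 0x01, 0x01, 0x40, 0x45, 0x00 };
    size_t off = 0;
    enum mpls_result r = mpls_classify(frame, sizeof frame, &off);
    printf("%s\n", r == MPLS_INVALID ? "rejected: truncated payload" : "accepted");
    return 0;
}
```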

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3551
ALT-PU-2021-2056
CVE-2019-10050
OPENSUSE-SU-2025:15394-1

Affected Products

Alt Linux
Suricata