PT-2019-11405 · Open Information Security Foundation · Suricata
Published: 2019-08-28 · Updated: 2021-07-21 · CVE-2019-10054
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Suricata version 4.1.3
Description:
An issue was discovered in the function process_reply_record_v3, which lacks a check for the length of reply.data. This causes an invalid memory access, and the program crashes within the nfs/nfs3.rs file.
Recommendations:
For Suricata version 4.1.3, consider applying a patch or fix that adds a length check for reply.data in the process_reply_record_v3 function to prevent invalid memory access and program crashes.
Exploit
Fix
Integer Underflow
RCE
Affected Products
Suricata