CVE-2019-1010251

Name of the Vulnerable Software and Affected Versions: Suricata versions prior to 4.1.2

Description: The issue allows an attacker to evade signature detection by sending a specially formed network packet, potentially bypassing DNS detection. This is achieved through a Denial of Service attack. The components affected are app-layer-detect-proto.c, decode.c, decode-teredo.c, and decode-ipv6.c. An attacker can trigger this issue by sending a specifically crafted network request.

Recommendations: For Suricata versions prior to 4.1.2, update to version 4.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the affected components until the update can be applied.