PT-2019-11540 · Open Information Security Foundation+1 · Suricata+1

Alexey Vishnyakov

Published

2019-07-18

Updated

2021-06-24

CVE-2019-1010279

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Suricata versions prior to 4.1.3

Description: The issue allows an attacker to bypass signature detection using a specially formed sequence of network packets, potentially evading detection. This can be triggered by an attacker through a specifically crafted network TCP session.

Recommendations: For versions prior to 4.1.3, update to version 4.1.3 to resolve the issue. As a temporary workaround, consider restricting access to detect.c component until the update is applied.

Exploit

Fix

DoS

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

ALT-PU-2020-3551

ALT-PU-2021-2056

CVE-2019-1010279

Affected Products

Alt Linux

Suricata

PT-2019-11540 · Open Information Security Foundation+1 · Suricata+1

CVE-2019-1010279

Weakness Enumeration

Related Identifiers

Affected Products

References · 11