PT-2019-14331 · Open Information Security Foundation · Suricata

Published

2019-09-24

Updated

2019-09-25

CVE-2019-15699

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Suricata version 4.1.4

Description An issue was discovered in the app-layer-ssl.c component. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions attempts to access a memory region that is not allocated. This occurs because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.

Recommendations For Suricata version 4.1.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2019-15699

Affected Products

Suricata

PT-2019-14331 · Open Information Security Foundation · Suricata

CVE-2019-15699

Weakness Enumeration

Related Identifiers

Affected Products

References · 9