CVE-2019-10056

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10056

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10056.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10056

Related

UBUNTU-CVE-2019-10056

Published

2019-08-28T21:15:10Z

Modified

2025-01-08T05:37:19.212613Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction.

References

Affected packages

Debian:11 / suricata

Package

Name: suricata
Purl: pkg:deb/debian/suricata?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / suricata

Package

Name: suricata
Purl: pkg:deb/debian/suricata?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / suricata

Package

Name: suricata
Purl: pkg:deb/debian/suricata?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/oisf/suricata

Affected ranges

Type: GIT
Repo: https://github.com/oisf/suricata
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

14c2b6e445b3e8b5f802c4538397c12bfd3f831d

Last affected

45f2fdc1a61f868fe3eaa3b17aeb6ddc6a28f518

Affected versions

suricata-0.*

suricata-0.8.2

suricata-1.*

suricata-1.0.0

suricata-1.0.1

suricata-1.0.2

suricata-1.1

suricata-1.1beta1

suricata-1.1beta2

suricata-1.1beta3

suricata-1.1rc1

suricata-1.2

suricata-1.2.1

suricata-1.2beta1

suricata-1.2rc1

suricata-1.3

suricata-1.3.1

suricata-1.3beta1

suricata-1.3beta2

suricata-1.3rc1

suricata-1.4

suricata-1.4beta1

suricata-1.4beta2

suricata-1.4beta3

suricata-1.4rc1

suricata-2.*

suricata-2.0

suricata-2.0.1

suricata-2.0.1rc1

suricata-2.0.2

suricata-2.0beta1

suricata-2.0beta2

suricata-2.0rc1

suricata-2.0rc2

suricata-2.0rc3

suricata-2.1beta1

suricata-2.1beta2

suricata-2.1beta3

suricata-2.1beta4

suricata-3.*

suricata-3.0

suricata-3.0.1

suricata-3.0.1RC1

suricata-3.0RC1

suricata-3.0RC2

suricata-3.0RC3

suricata-3.1

suricata-3.1.1

suricata-3.1.2

suricata-3.1RC1

suricata-3.2

suricata-3.2.1

suricata-3.2RC1

suricata-3.2beta1

suricata-4.*

suricata-4.0.0

suricata-4.0.0-beta1

suricata-4.0.0-rc1

suricata-4.0.0-rc2

suricata-4.0.1

suricata-4.1.0

suricata-4.1.0-beta1

suricata-4.1.0-rc1

suricata-4.1.0-rc2

suricata-4.1.1

suricata-4.1.2

suricata-4.1.3

suricata-4.1.4