Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Oisf Subscribe
Filtered by product Suricata
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45098 2 Debian, Oisf 2 Debian Linux, Suricata 2022-01-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.
CVE-2021-35063 3 Debian, Fedoraproject, Oisf 3 Debian Linux, Fedora, Suricata 2021-11-30 5.0 MEDIUM 7.5 HIGH
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
CVE-2021-37592 1 Oisf 1 Suricata 2021-11-23 7.5 HIGH 9.8 CRITICAL
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
CVE-2019-10050 1 Oisf 1 Suricata 2019-10-24 5.0 MEDIUM 7.5 HIGH
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.
CVE-2019-1010279 1 Oisf 1 Suricata 2019-08-01 5.0 MEDIUM 7.5 HIGH
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
CVE-2019-1010251 1 Oisf 1 Suricata 2019-07-23 5.0 MEDIUM 7.5 HIGH
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2.