{"id": "CVE-2018-10244", "bulletinFamily": "NVD", "title": "CVE-2018-10244", "description": "Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.", "published": "2019-04-04T16:29:00", "modified": "2019-04-07T01:24:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10244", "reporter": "cve@mitre.org", "references": ["https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/"], "cvelist": ["CVE-2018-10244"], "type": "cve", "lastseen": "2019-05-29T18:19:41", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "145bb1d1ed7692da7416b7d82087ab2c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "39eae15f1442b55c16d1d91f72093715"}, {"key": "cpe23", "hash": "0b5797f1b39cf84c2494ba49811aed50"}, {"key": "cvelist", "hash": "323e6aef874289221601855c6f9472be"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "48cec8f43ff700f672081508fe3d5099"}, {"key": "cwe", "hash": "2ae76161d39c17aef8ca38b9bfc8fde3"}, {"key": "description", "hash": "108b70e4f7ed3c0e15d8b7c124755321"}, {"key": "href", "hash": "7afaf0202443ea822ecc0328f0d34e57"}, {"key": "modified", "hash": "602a0b4a586e971947f4f871144356f6"}, {"key": "published", "hash": "3f3b8913b5e927ae5e20387ea50011aa"}, {"key": "references", "hash": "e18794dd3b19cc72d5322fa6993dda84"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "16c08148640889dd51d46a1d16252d2a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "bfef939b7c838074b66a34183d8e96d7d7e3fe301421c68f804b82e9dd4312f5", "viewCount": 3, "enchantments": {"score": {"value": 3.7, "vector": "NONE", "modified": "2019-05-29T18:19:41", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310875276", "OPENVAS:1361412562310874854", "OPENVAS:1361412562310875280", "OPENVAS:1361412562310874857"]}], "modified": "2019-05-29T18:19:41", "rev": 2}, "vulnersScore": 3.7}, "objectVersion": "1.3", "cpe": ["cpe:/a:suricata-ids:suricata:4.0.4"], "affectedSoftware": [{"name": "suricata-ids suricata", "operator": "eq", "version": "4.0.4"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:suricata-ids:suricata:4.0.4:*:*:*:*:*:*:*"], "cwe": ["CWE-190"]}

{"openvas": [{"lastseen": "2019-05-29T18:33:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-04-09T00:00:00", "published": "2018-07-28T00:00:00", "id": "OPENVAS:1361412562310874854", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874854", "title": "Fedora Update for suricata FEDORA-2018-6227e1ff4c", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6227e1ff4c_suricata_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for suricata FEDORA-2018-6227e1ff4c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874854\");\n script_version(\"2019-04-09T07:15:29+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-09 07:15:29 +0000 (Tue, 09 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-28 06:08:00 +0200 (Sat, 28 Jul 2018)\");\n script_cve_id(\"CVE-2018-10242\", \"CVE-2018-10243\", \"CVE-2018-10244\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for suricata FEDORA-2018-6227e1ff4c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'suricata'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"suricata on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6227e1ff4c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27CVNOMALHDS3OEMMZIFV4FLBQP2IJ2T\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"suricata\", rpm:\"suricata~4.0.5~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-04-09T00:00:00", "published": "2018-07-28T00:00:00", "id": "OPENVAS:1361412562310874857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874857", "title": "Fedora Update for suricata FEDORA-2018-747d000693", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_747d000693_suricata_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for suricata FEDORA-2018-747d000693\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874857\");\n script_version(\"2019-04-09T07:15:29+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-09 07:15:29 +0000 (Tue, 09 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-28 06:08:08 +0200 (Sat, 28 Jul 2018)\");\n script_cve_id(\"CVE-2018-10242\", \"CVE-2018-10243\", \"CVE-2018-10244\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for suricata FEDORA-2018-747d000693\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'suricata'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"suricata on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-747d000693\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IMIFOK6VUND3RKJXVUFONSJWOW4XTZPP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"suricata\", rpm:\"suricata~4.0.5~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-04-09T00:00:00", "published": "2018-11-20T00:00:00", "id": "OPENVAS:1361412562310875280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875280", "title": "Fedora Update for suricata FEDORA-2018-cf58e1cbd1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_cf58e1cbd1_suricata_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for suricata FEDORA-2018-cf58e1cbd1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875280\");\n script_version(\"2019-04-09T07:15:29+0000\");\n script_cve_id(\"CVE-2018-18956\", \"CVE-2018-10242\", \"CVE-2018-10243\", \"CVE-2018-10244\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-09 07:15:29 +0000 (Tue, 09 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-20 06:27:46 +0100 (Tue, 20 Nov 2018)\");\n script_name(\"Fedora Update for suricata FEDORA-2018-cf58e1cbd1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-cf58e1cbd1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FDNU4E4ZRRRTAKRCR3KHBTVMCMH4KCE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'suricata'\n package(s) announced via the FEDORA-2018-cf58e1cbd1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"suricata on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"suricata\", rpm:\"suricata~4.0.6~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:06", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-04-09T00:00:00", "published": "2018-11-20T00:00:00", "id": "OPENVAS:1361412562310875276", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875276", "title": "Fedora Update for suricata FEDORA-2018-d05860129f", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d05860129f_suricata_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for suricata FEDORA-2018-d05860129f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875276\");\n script_version(\"2019-04-09T07:15:29+0000\");\n script_cve_id(\"CVE-2018-18956\", \"CVE-2018-10242\", \"CVE-2018-10243\", \"CVE-2018-10244\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-09 07:15:29 +0000 (Tue, 09 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-20 06:27:13 +0100 (Tue, 20 Nov 2018)\");\n script_name(\"Fedora Update for suricata FEDORA-2018-d05860129f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d05860129f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAKI4VUSY4BR4ATTIRILL5M7Z32ARDSL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'suricata'\n package(s) announced via the FEDORA-2018-d05860129f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"suricata on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"suricata\", rpm:\"suricata~4.0.6~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}