Lucene search

MitreCVE-2019-10051

HistoryAug 28, 2019 - 8:15 p.m.

CVE-2019-10051

2019-08-2820:15:10

CWE-754

mitre

web.nvd.nist.gov

cve

2019

10051

suricata

filetracker

newchunk

unsafe

smb

files.rs

error

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

64.8%

JSON

An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe “Some(sfcm) => { ft.new_chunk }” item, then the program enters an smb/files.rs error condition and crashes.

Affected configurations

Nvd

Node

suricata-idssuricataMatch4.1.3

suricata-idssuricataMatch4.1.4

VendorProductVersionCPE
suricata-idssuricata4.1.3cpe:2.3:a:suricata-ids:suricata:4.1.3:*:*:*:*:*:*:*
suricata-idssuricata4.1.4cpe:2.3:a:suricata-ids:suricata:4.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
suricata-ids	suricata	4.1.3	cpe:2.3:a:suricata-ids:suricata:4.1.3:::::::*
suricata-ids	suricata	4.1.4	cpe:2.3:a:suricata-ids:suricata:4.1.4:::::::*

References

github.com/OISF/suricata/pull/3734

redmine.openinfosecfoundation.org/issues/2896

suricata-ids.org/2019/04/30/suricata-4-1-4-released/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

64.8%

JSON

Related for CVE-2019-10051