Lucene search
GoogleOSV:GHSA-7C4H-W765-6PWGHistoryMay 14, 2022 - 3:22 a.m.
OISF suricata-update unsafely deserializes YAML data
2022-05-1403:22:02
Google
osv.dev
2
Suricata-Update uses the insecure yaml.load() function. Code will be executed if the yaml-file contains lines like:
hello: !!python/object/apply:os.system ['ls -l > /tmp/output']
The vulnerable function can be triggered by “suricata-update list-sources”. The locally stored index.yaml will be loaded in this function and the malicious code gets executed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| suricata-update | eq | 1.0.0a1 |
References
github.com/OISF/suricata-update
github.com/OISF/suricata-update/commit/76270e73128ca1299b4e33e7e2a74ac3d963a97a
github.com/OISF/suricata-update/pull/23
nvd.nist.gov/vuln/detail/CVE-2018-1000167
redmine.openinfosecfoundation.org/issues/2359
tech.feedyourhead.at/content/remote-code-execution-in-suricata-update
Related
cvelist
cvelist
CVE-2018-1000167
2018-04-18 19:00:00
cve
cve
CVE-2018-1000167
2018-04-18 19:29:00
nvd
nvd
CVE-2018-1000167
2018-04-18 19:29:00
prion
prion
Deserialization of untrusted data
2018-04-18 19:29:00
osv
osv
CVE-2018-1000167
2018-04-18 19:29:00
PYSEC-2018-75
2018-04-18 19:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-04-19 05:14:18
github
github
OISF suricata-update unsafely deserializes YAML data
2022-05-14 03:22:02