5 matches found
CVE-2019-15699
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 TLS 1.2 packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of t...
CVE-2019-15699
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 TLS 1.2 packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of t...
CVE-2019-15699
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 TLS 1.2 packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of t...
CVE-2019-15699
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 TLS 1.2 packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of t...
CVE-2019-15699
CVE-2019-15699 affects Suricata 4.1.4, where the SSL/TLS parser in app-layer-ssl.c (TLSDecodeHSHelloExtensions) accesses an unallocated memory region when processing a corrupted SSLv3/TLS 1.2 HSHelloExtensions length mismatch. This can lead to memory corruption/heap issues as described in multipl...