CVE-2019-10050

Name	CVE-2019-10050
Description	A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
suricata (PTS)	jessie, jessie (lts)	2.0.7-2+deb8u5	vulnerable
	stretch	3.2.1-1+deb9u1	vulnerable
	buster	1:4.1.2-2+deb10u1	vulnerable
	bullseye	1:6.0.1-3	fixed
	bookworm	1:6.0.10-1	fixed
	trixie	1:7.0.3-1	fixed
	sid	1:7.0.4-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
suricata	source	wheezy	(not affected)
suricata	source	(unstable)	1:4.1.4-1

Notes

[buster] - suricata <no-dsa> (Minor issue)
[stretch] - suricata <no-dsa> (Minor issue)
[jessie] - suricata <no-dsa> (Minor issue)
https://redmine.openinfosecfoundation.org/issues/2884
https://github.com/OISF/suricata/commit/4609d5c80acda9adf02f8fb9a6aa8238495bfa13
[wheezy] - suricata <not-affected> (MPLS support introduced in 2.1beta2)