CVE-2019-10056

NameCVE-2019-10056
DescriptionAn issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesELA-1162-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
suricata (PTS)jessie, jessie (lts)2.0.7-2+deb8u5vulnerable
stretch3.2.1-1+deb9u1vulnerable
buster, buster (lts)1:4.1.2-2+deb10u2fixed
bullseye1:6.0.1-3fixed
bookworm1:6.0.10-1fixed
sid, trixie1:7.0.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
suricatasourcebuster1:4.1.2-2+deb10u2ELA-1162-1
suricatasource(unstable)1:4.1.4-1

Notes

[buster] - suricata <no-dsa> (Minor issue)
[stretch] - suricata <no-dsa> (Minor issue)
[jessie] - suricata <no-dsa> (Minor issue)
https://redmine.openinfosecfoundation.org/issues/2946

Search for package or bug name: Reporting problems