CVE-2019-10050

moderate-risk
Published 2019-05-13

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.

Do I need to act?

-
0.54% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Oisf

References (4)

Third Party Advisory https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
Patch https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/
Third Party Advisory https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
Patch https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/
33
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal