CVE-2019-10050

Source
https://cve.org/CVERecord?id=CVE-2019-10050
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10050.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10050
Published
2019-05-13T17:29:02.097Z
Modified
2026-03-23T05:02:22.240448Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input to the DecodeMPLS function in decode-mpls.c consists only of a packet with a source address and a destination address plus the correct type field and the right number for the shim, an attacker can manipulate the control flow so that the condition to leave the loop is true. After the loop exits, the network packet has a length of 2 bytes. This length is not validated. Later on, the code tries to read at an empty position, which leads to a crash.

Affected packages

Git / github.com/oisf/suricata

Affected ranges

Type
GIT
Repo
https://github.com/oisf/suricata
Events
Database specific
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.1.4"
        }
    ]
}

Affected versions

suricata-4.*
suricata-4.0.0
suricata-4.0.1
suricata-4.1.0
suricata-4.1.0-beta1
suricata-4.1.0-rc1
suricata-4.1.0-rc2
suricata-4.1.1
suricata-4.1.2
suricata-4.1.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10050.json"