CVE-2021-45098

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-45098
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45098.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-45098
Downstream
Published
2021-12-16T05:15:08Z
Modified
2025-10-14T18:56:49.308384Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet, sent from the client side, that carries a TCP MD5 header (md5header) option with random contents. After the three-way handshake, the client can inject an RST ACK with a random TCP md5header option and then send an HTTP GET request for a forbidden URL. The server ignores the RST ACK and sends the HTTP response to the client's request. In effect, the sensor and the server disagree about the connection state: Suricata appears to treat the flow as reset while the server keeps it open, so these packets do not trigger a Suricata reject action. Deployments that rely on HTTP signatures for blocking should run 6.0.4 or later.

References

Affected packages

Git / github.com/oisf/suricata

Affected ranges

Type
GIT
Repo
https://github.com/oisf/suricata
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

suricata-0.*

suricata-0.8.2

suricata-1.*

suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
suricata-1.2
suricata-1.2.1
suricata-1.2beta1
suricata-1.2rc1
suricata-1.3
suricata-1.3.1
suricata-1.3beta1
suricata-1.3beta2
suricata-1.3rc1
suricata-1.4
suricata-1.4beta1
suricata-1.4beta2
suricata-1.4beta3
suricata-1.4rc1

suricata-2.*

suricata-2.0
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0.2
suricata-2.0beta1
suricata-2.0beta2
suricata-2.0rc1
suricata-2.0rc2
suricata-2.0rc3
suricata-2.1beta1
suricata-2.1beta2
suricata-2.1beta3
suricata-2.1beta4

suricata-3.*

suricata-3.0
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0RC1
suricata-3.0RC2
suricata-3.0RC3
suricata-3.1
suricata-3.1.1
suricata-3.1.2
suricata-3.1RC1
suricata-3.2
suricata-3.2.1
suricata-3.2RC1
suricata-3.2beta1

suricata-4.*

suricata-4.0.0
suricata-4.0.0-beta1
suricata-4.0.0-rc1
suricata-4.0.0-rc2
suricata-4.0.1
suricata-4.1.0
suricata-4.1.0-beta1
suricata-4.1.0-rc1
suricata-4.1.0-rc2
suricata-4.1.1
suricata-4.1.2

suricata-5.*

suricata-5.0.0
suricata-5.0.0-beta1
suricata-5.0.0-rc1
suricata-5.0.1

suricata-6.*

suricata-6.0.0
suricata-6.0.0-beta1
suricata-6.0.0-rc1
suricata-6.0.1

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "function": "DecodeTCPOptions",
                "file": "src/decode-tcp.c"
            },
            "signature_type": "Function",
            "source": "https://github.com/oisf/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df",
            "deprecated": false,
            "digest": {
                "length": 3056.0,
                "function_hash": "32798937301964368305689530638561933616"
            },
            "id": "CVE-2021-45098-7bd00631"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/stream-tcp.c"
            },
            "signature_type": "Line",
            "source": "https://github.com/oisf/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "298668671455610702915103447051742258437",
                    "256631810295012211850575970957164370311",
                    "123383077366789806747570069411808274271",
                    "274369461503223323845070479388222163445",
                    "81252066565862047776416149689762193267",
                    "194126627155482699807327090414817736513",
                    "279325392824502007740694175045747413119",
                    "108132844981397602831514210151998199529",
                    "61372347601594444231145274006763826344",
                    "25892010124558066242332141158214465535"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2021-45098-9ab0b7c9"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/decode-tcp.c"
            },
            "signature_type": "Line",
            "source": "https://github.com/oisf/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "170552253051911852146487529132580135837",
                    "163062811452642697869803281768232611934",
                    "285868154989856370439780572676159995884",
                    "220648413416416060419813201480483870163"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2021-45098-ca76ba9c"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/decode-tcp.h"
            },
            "signature_type": "Line",
            "source": "https://github.com/oisf/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "132295267061987848369583130253603522180",
                    "241660162830298340947169635807810546259",
                    "271631569540684670286125895492242638263",
                    "308873693325180287847751687015928839693",
                    "6429480766519447554244969506203846599"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2021-45098-d0e22e0d"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "StreamTcpPacketStateClosed",
                "file": "src/stream-tcp.c"
            },
            "signature_type": "Function",
            "source": "https://github.com/oisf/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df",
            "deprecated": false,
            "digest": {
                "length": 831.0,
                "function_hash": "208081842680579566268159183757970571539"
            },
            "id": "CVE-2021-45098-d2306e1a"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "StreamTcpValidateRst",
                "file": "src/stream-tcp.c"
            },
            "signature_type": "Function",
            "source": "https://github.com/oisf/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df",
            "deprecated": false,
            "digest": {
                "length": 4279.0,
                "function_hash": "54448183064142838596041141727351530953"
            },
            "id": "CVE-2021-45098-d767947c"
        }
    ]
}