UBUNTU-CVE-2019-10056

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-10056

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10056.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-10056

Related

CVE-2019-10056

Published

2019-08-28T21:15:00Z

Modified

2025-01-13T10:21:55Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction.

References

Affected packages

Ubuntu:Pro:16.04:LTS / suricata

Package

Name: suricata
Purl: pkg:deb/ubuntu/suricata@3.0-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.8-1build1

2.0.9-1

2.0.10-1

2.0.10-2

2.0.11-1

3.*

3.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / suricata

Package

Name: suricata
Purl: pkg:deb/ubuntu/suricata@3.2-2ubuntu3?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2-2ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}