Vulnerability Details CVE-2019-10052
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://redmine.openinfosecfoundation.org/issues/2902
- https://redmine.openinfosecfoundation.org/issues/2947
- https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/
- https://redmine.openinfosecfoundation.org/issues/2902
- https://redmine.openinfosecfoundation.org/issues/2947
- https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/
Products affected by CVE-2019-10052
-
cpe:2.3:a:suricata-ids:suricata:4.1.3