CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-15699

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.7%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 6.4

References

https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/

Products affected by CVE-2019-15699

Suricata-Ids » Suricata » Version: 4.1.4

cpe:2.3:a:suricata-ids:suricata:4.1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15699

Products

Pricing

Contact Us