Vulnerability Description
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suricata-Ids | Suricata | < 4.0.5 |
References
- https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d4 (Patch, Third Party Advisory)
- https://github.com/kirillwow/ids_bypass (Exploit, Third Party Advisory)
- https://redmine.openinfosecfoundation.org/issues/2501 (Exploit, Third Party Advisory)
- https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/ (Vendor Advisory)
FAQ
What is CVE-2018-14568?
CVE-2018-14568 is a vulnerability with a CVSS score of 7.5 (HIGH). Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly...
How severe is CVE-2018-14568?
CVE-2018-14568 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-14568?
Check the references section above for vendor advisories and patch information. Affected products include: Suricata-Ids Suricata.