Vulnerability Description
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oisf | Suricata | < 4.1.3 |
Related Weaknesses (CWE)
References
- https://github.com/OISF/suricata/pull/3625Third Party Advisory
- https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb1PatchThird Party Advisory
- https://redmine.openinfosecfoundation.org/issues/2770ExploitVendor Advisory
- https://github.com/OISF/suricata/pull/3625Third Party Advisory
- https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb1PatchThird Party Advisory
- https://redmine.openinfosecfoundation.org/issues/2770ExploitVendor Advisory
FAQ
What is CVE-2019-1010279?
CVE-2019-1010279 is a vulnerability with a CVSS score of 7.5 (HIGH). Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a sp...
How severe is CVE-2019-1010279?
CVE-2019-1010279 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1010279?
Check the references section above for vendor advisories and patch information. Affected products include: Oisf Suricata.