An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.
References
Link | Resource |
---|---|
https://lists.openinfosecfoundation.org/pipermail/oisf-announce/ | Third Party Advisory |
https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/ | Release Notes Vendor Advisory |
https://www.code-intelligence.com/cve-2019-16411 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-24T19:20:58
Updated: 2019-10-02T13:53:14
Reserved: 2019-09-18T00:00:00
Link: CVE-2019-16411
JSON object: View
NVD Information
Status : Modified
Published: 2019-09-24T20:15:11.967
Modified: 2019-10-02T14:15:12.320
Link: CVE-2019-16411
JSON object: View
Redhat Information
No data.
CWE