CVE-2019-16411 - OpenCVE

An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Suricata-ids	Suricata

Configuration 1 [-]

cpe:2.3:a:suricata-ids:suricata:4.1.4:*:*:*:*:*:*:*

References

Link	Resource
https://lists.openinfosecfoundation.org/pipermail/oisf-announce/	Third Party Advisory
https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/	Release Notes Vendor Advisory
https://www.code-intelligence.com/cve-2019-16411

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-24T19:20:58

Updated: 2019-10-02T13:53:14

Reserved: 2019-09-18T00:00:00

Link: CVE-2019-16411

JSON object: View

NVD Information

Status : Modified

Published: 2019-09-24T20:15:11.967

Modified: 2019-10-02T14:15:12.320

Link: CVE-2019-16411

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, \"flag = *(o->data + 3)\" places one beyond the 3 bytes, because the code should have been \"flag = *(o->data + 1)\" instead."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-02T13:53:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/"}, {"tags": ["x_refsource_MISC"], "url": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.code-intelligence.com/cve-2019-16411"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16411", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, \"flag = *(o->data + 3)\" places one beyond the 3 bytes, because the code should have been \"flag = *(o->data + 1)\" instead."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/", "refsource": "MISC", "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/"}, {"name": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/", "refsource": "MISC", "url": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/"}, {"name": "https://www.code-intelligence.com/cve-2019-16411", "refsource": "MISC", "url": "https://www.code-intelligence.com/cve-2019-16411"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16411", "datePublished": "2019-09-24T19:20:58", "dateReserved": "2019-09-18T00:00:00", "dateUpdated": "2019-10-02T13:53:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suricata-ids:suricata:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "ABD52035-B1CC-4D94-BFA1-556041577F2F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, \"flag = *(o->data + 3)\" places one beyond the 3 bytes, because the code should have been \"flag = *(o->data + 1)\" instead."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Suricata versi\u00f3n 4.1.4. Mediante el env\u00edo de m\u00faltiples paquetes IPv4 que tienen IPv4Options no v\u00e1lidas, la funci\u00f3n IPV4OptValidateTimestamp en el archivo decode-ipv4.c, intenta acceder a una regi\u00f3n de memoria que no est\u00e1 asignada. Se presenta una comprobaci\u00f3n para o-)len( 5 (correspondiente a 2 bytes de encabezado y 3 bytes de datos). Luego, \"flag = *(o-)data + 3)\" se coloca uno m\u00e1s all\u00e1 de los 3 bytes, porque en su lugar el c\u00f3digo deber\u00eda haber sido \"flag = *(o-)data + 1)\"."}], "id": "CVE-2019-16411", "lastModified": "2019-10-02T14:15:12.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-24T20:15:11.967", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/"}, {"source": "cve@mitre.org", "url": "https://www.code-intelligence.com/cve-2019-16411"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}