Candidate: CVE-2019-10050
PublicDate: 2019-05-13 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10050
 https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
 https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/
Description:
 A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If
 the input of the decode-mpls.c function DecodeMPLS is composed only of a
 packet of source address and destination address plus the correct type
 field and the right number for shim, an attacker can manipulate the control
 flow, such that the condition to leave the loop is true. After leaving the
 loop, the network packet has a length of 2 bytes. There is no validation of
 this length. Later on, the code tries to read at an empty position, leading
 to a crash.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_suricata:
upstream_suricata: released (1:4.1.4-1)
precise/esm_suricata: DNE
trusty/esm_suricata: DNE
xenial_suricata: ignored (end of standard support, was needed)
bionic_suricata: needed
cosmic_suricata: ignored (reached end-of-life)
disco_suricata: ignored (reached end-of-life)
eoan_suricata: ignored (reached end-of-life)
focal_suricata: DNE
groovy_suricata: DNE
hirsute_suricata: DNE
impish_suricata: DNE
jammy_suricata: not-affected (1:4.1.4-1)
devel_suricata: not-affected (1:4.1.4-1)