Candidate: CVE-2019-18625
PublicDate: 2020-01-06 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18625
 https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 (suricata-5.0.1)
 https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 (master-4.1.x)
 https://redmine.openinfosecfoundation.org/issues/3286
 https://redmine.openinfosecfoundation.org/issues/3395
 https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318
 https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0
Description:
 An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade
 any tcp based signature by faking a closed TCP session using an evil
 server. After the TCP SYN packet, it is possible to inject a RST ACK and a
 FIN ACK packet with a bad TCP Timestamp option. The client will ignore the
 RST ACK and the FIN ACK packets because of the bad TCP Timestamp option.
 Both linux and windows client are ignoring the injected packets.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_suricata:
upstream_suricata: needs-triage
precise/esm_suricata: DNE
trusty_suricata: ignored (out of standard support)
trusty/esm_suricata: DNE
xenial_suricata: ignored (end of standard support, was needs-triage)
bionic_suricata: needs-triage
disco_suricata: ignored (reached end-of-life)
eoan_suricata: ignored (reached end-of-life)
focal_suricata: DNE
groovy_suricata: DNE
hirsute_suricata: DNE
impish_suricata: DNE
jammy_suricata: not-affected
devel_suricata: not-affected