#VU36028 Integer overflow in Suricata - CVE-2018-10244

Cybersecurity Help s.r.o.

Published: 2019-04-04 | Updated: 2020-08-08

Vulnerability identifier: #VU36028

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-10244

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Suricata
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Open Information Security Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Suricata: 4.0.4

External links
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Integer overflow in Suricata