CVE-2019-16411 - OpenCVE

An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Suricata-ids	Suricata

Configuration 1 [-]

cpe:2.3:a:suricata-ids:suricata:4.1.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
https://www.code-intelligence.com/cve-2019-16411

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-24T19:20:58

Updated: 2024-08-05T01:17:39.591Z

Reserved: 2019-09-18T00:00:00

Link: CVE-2019-16411

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-24T20:15:11.967

Modified: 2019-10-02T14:15:12.320

Link: CVE-2019-16411

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, \"flag = *(o->data + 3)\" places one beyond the 3 bytes, because the code should have been \"flag = *(o->data + 1)\" instead."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-02T13:53:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/"}, {"tags": ["x_refsource_MISC"], "url": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.code-intelligence.com/cve-2019-16411"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16411", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, \"flag = *(o->data + 3)\" places one beyond the 3 bytes, because the code should have been \"flag = *(o->data + 1)\" instead."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/", "refsource": "MISC", "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/"}, {"name": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/", "refsource": "MISC", "url": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/"}, {"name": "https://www.code-intelligence.com/cve-2019-16411", "refsource": "MISC", "url": "https://www.code-intelligence.com/cve-2019-16411"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:17:39.591Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.code-intelligence.com/cve-2019-16411"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16411", "datePublished": "2019-09-24T19:20:58", "dateReserved": "2019-09-18T00:00:00", "dateUpdated": "2024-08-05T01:17:39.591Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suricata-ids:suricata:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "ABD52035-B1CC-4D94-BFA1-556041577F2F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, \"flag = *(o->data + 3)\" places one beyond the 3 bytes, because the code should have been \"flag = *(o->data + 1)\" instead."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Suricata versi\u00f3n 4.1.4. Mediante el env\u00edo de m\u00faltiples paquetes IPv4 que tienen IPv4Options no v\u00e1lidas, la funci\u00f3n IPV4OptValidateTimestamp en el archivo decode-ipv4.c, intenta acceder a una regi\u00f3n de memoria que no est\u00e1 asignada. Se presenta una comprobaci\u00f3n para o-)len( 5 (correspondiente a 2 bytes de encabezado y 3 bytes de datos). Luego, \"flag = *(o-)data + 3)\" se coloca uno m\u00e1s all\u00e1 de los 3 bytes, porque en su lugar el c\u00f3digo deber\u00eda haber sido \"flag = *(o-)data + 1)\"."}], "id": "CVE-2019-16411", "lastModified": "2019-10-02T14:15:12.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-24T20:15:11.967", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/"}, {"source": "cve@mitre.org", "url": "https://www.code-intelligence.com/cve-2019-16411"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}