Software: suricata, v. 4.0.4.
Language: C
Risk: medium / high
Type: buffer overflow/remote

Description: Incorrectly handles the parsing of an EtherNet/IP PUD. A malformed PUD can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during the length check.

Status: published