Menu

CVE-2019-10050

Software: suricata, v. 4.1.3.
Language: C
Risk: medium / high
Type: heapbuffer overflow

Description: With this network package (source, dest, type, offset of 4 bytes), I can manipulate the control flow, so that the condition to leave the loop is true. After leaving the loop, the network package has a length of 2 bytes. After that, you don’t prove the length of the package. Later on, you try to read at a position which is empty. At this point, the program will crash.

Status: published

Customers & Partners

Digital Hub Bonn Techboost Deutsche Börse Bosch GmbH Telekom HTGF Deutsche Cyber-Sicherheitsorganisation Intevation Sopra Steria Deutsche Börse Venture Network Allianz für Cyber-Sicherheit Cyber Security Cluster Bonn