
CVE-2019-16410

Software: Suricata, v. 4.1.4
Language: C
Risk: medium / high
Type: heap buffer overflow (logic bug)

Description: This bug was found by libFuzzer. When multiple fragmented IPv4 packets are sent, the function "Defrag4Reassemble(..)" tries to access a memory region that is not allocated. The function "Defrag4Reassemble(..)" has no header_len check.
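
The C sketch below is an added example, not Suricata's code or its fix: it shows the kind of header-length validation the description says is missing, applied before each copy during reassembly. The `frag_t` record, the `header_len` and `reassemble_checked` functions, and the sample packets are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical, simplified fragment record; not Suricata's own structure. */
typedef struct {
    const uint8_t *pkt;  /* captured bytes, starting at the IPv4 header */
    size_t pkt_len;      /* number of bytes actually captured */
    uint16_t offset;     /* payload offset inside the reassembled datagram */
    uint16_t data_len;   /* payload bytes the fragment claims to carry */
} frag_t;

/* Validate the untrusted IHL field against the captured length. */
static int header_len(const frag_t *f, size_t *hlen)
{
    if (f->pkt_len < 20) return -1;
    *hlen = (size_t)(f->pkt[0] & 0x0f) * 4;
    return (*hlen < 20 || *hlen > f->pkt_len) ? -1 : 0;
}
/* Returns the reassembled length, or -1 if any fragment is inconsistent. */
int reassemble_checked(const frag_t *frags, size_t n, uint8_t *out, size_t cap)
{
    size_t first_hlen, hlen, total;
    if (n == 0 || header_len(&frags[0], &first_hlen) != 0 || first_hlen > cap)
        return -1;
    memcpy(out, frags[0].pkt, first_hlen);      /* header of first fragment */
    total = first_hlen;
    for (size_t i = 0; i < n; i++) {
        const frag_t *f = &frags[i];
        if (header_len(f, &hlen) != 0 || f->data_len > f->pkt_len - hlen)
            return -1;                          /* source read would overrun */
        size_t dst = first_hlen + f->offset;
        if (dst > cap || f->data_len > cap - dst)
            return -1;                          /* destination write would overrun */
        memcpy(out + dst, f->pkt + hlen, f->data_len);
        if (dst + f->data_len > total) total = dst + f->data_len;
    }
    return (int)total;
}

int main(void)
{
    /* Constructed samples: 28 captured bytes each; "bad" declares IHL=15 (60 bytes). */
    uint8_t a[28] = {0x45}, b[28] = {0x45}, bad[28] = {0x4f}, out[64];
    frag_t ok[2] = {{a, sizeof a, 0, 8}, {b, sizeof b, 8, 8}};
    frag_t malformed[2] = {{a, sizeof a, 0, 8}, {bad, sizeof bad, 8, 8}};
    printf("ok=%d malformed=%d\n", reassemble_checked(ok, 2, out, sizeof out),
           reassemble_checked(malformed, 2, out, sizeof out));
    return 0;
}
```

The fragment whose declared header length exceeds its captured length is rejected before any byte is read from it, so the copy never leaves the allocated buffer.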

Status: published
