Menu

CVE-2019-16411

Software: suricata, v. 4.1.4
Language: C
Risk: medium / high
Type: heap buffer overflow (logics bug)

Description: This bug was found by libFuzzer. During sending multiple IPv4 packets with invalid IPv4Options, the function "IPV4OptValidateTimestamp(...)" tried to access a memory region that was not allocated. We checked o->len < 5, so this is 2 bytes hdr, 3 bytes data. Then we flag = *(o->data +3) ... So we are beyond the 3 bytes; the code should actually not do the +3, but a +1.

Status: published

Customers & Partners

Digital Hub Bonn Techboost Deutsche Börse Bosch GmbH Telekom HTGF Deutsche Cyber-Sicherheitsorganisation Intevation Sopra Steria Deutsche Börse Venture Network Allianz für Cyber-Sicherheit Cyber Security Cluster Bonn