An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-24T19:20:58
Updated: 2024-08-05T01:17:39.591Z
Reserved: 2019-09-18T00:00:00
Link: CVE-2019-16411
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-24T20:15:11.967
Modified: 2024-11-21T04:30:39.767
Link: CVE-2019-16411
Redhat
No data.