An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-24T19:20:58

Updated: 2024-08-05T01:17:39.591Z

Reserved: 2019-09-18T00:00:00

Link: CVE-2019-16411

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-09-24T20:15:11.967

Modified: 2024-11-21T04:30:39.767

Link: CVE-2019-16411

cve-icon Redhat

No data.