Bug #2883: ssh: heap buffer overflow
Bug #2884: mpls: heapbuffer overflow in file decode-mpls.c
Bug #2887: decode-ethernet: heapbuffer overflow in file decode-ethernet.c
Bug #2894: smb 1 create andx request does not parse the filename correctly
Bug #2903: mpls: cast of misaligned data leads to undefined behavior
Bug #2943: rust/nfs: integer underflow
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.
Gentoo Security Padawan
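The SSHParseBanner description above comes down to an unsigned length that wraps when a terminator is assumed rather than found. The following C model is an added example, not Suricata's code and not part of the bug report; the functions banner_len_unchecked and banner_len_checked and the sample banners are hypothetical and constructed here to show the wrap on a lone \n next to a guarded version.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the bug class: the line is assumed to end in
 * "\r\n", so one byte is dropped for the '\r' without checking it exists. */
static uint32_t banner_len_unchecked(const uint8_t *in, uint32_t in_len)
{
    const uint8_t *nl = memchr(in, '\n', in_len);
    if (nl == NULL)
        return 0;
    uint32_t line_len = (uint32_t)(nl - in); /* bytes before '\n' */
    return line_len - 1;                     /* wraps when line_len == 0 */
}

/* Guarded form: strip '\r' only if present and reject an empty banner,
 * so the caller never gets a length larger than the input. */
static int banner_len_checked(const uint8_t *in, uint32_t in_len,
                              uint32_t *out)
{
    const uint8_t *nl = memchr(in, '\n', in_len);
    if (nl == NULL)
        return -1;                           /* incomplete line */
    uint32_t line_len = (uint32_t)(nl - in);
    if (line_len > 0 && in[line_len - 1] == '\r')
        line_len--;
    if (line_len == 0)
        return -1;                           /* nothing before the terminator */
    *out = line_len;
    return 0;
}

int main(void)
{
    const uint8_t lone_nl[] = "\n";          /* constructed sample input */
    uint32_t n = 0;

    /* The wrapped value is only printed here; using it as a read length
     * is what turns the wrap into an over-read. */
    printf("unchecked length: %u\n",
           (unsigned)banner_len_unchecked(lone_nl, 1));
    printf("checked result:   %d\n", banner_len_checked(lone_nl, 1, &n));
    return 0;
}
```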
(https://lists.openinfosecfoundation.org/pipermail/oisf-announce/2019-May/000474.html): Thu May 9 09:09:33 UTC 2019
Suricata 4.0.x is now end of life. This means no further 4.0.x releases
will be made. Please make sure you update your sensors to the 4.1 branch.
We've also updated our deprecated features page here
Filestore v1 has been added to the list. It will be removed in about a year.
The old text drop.log will be removed at the same time.
Suricata Lead Developer