A vulnerability was found in Suricata 4.1.3. It has been classified as problematic. This affects the function process_reply_record_v3 of the file nfs/nfs3.rs of the component Reply Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on availability. The summary by CVE is:

An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.

The weakness was released 08/28/2019 (Website). It is possible to read the advisory at suricata-ids.org. This vulnerability is uniquely identified as CVE-2019-10054 since 03/25/2019. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entries connected to this vulnerability are available at VDB-140989, VDB-140990, VDB-140992 and VDB-140993. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• Suricata

Version

• 4.1.3

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion