Lucene search

MitreCVE-2018-10244

HistoryApr 04, 2019 - 4:29 p.m.

CVE-2018-10244

2019-04-0416:29:00

CWE-190

mitre

web.nvd.nist.gov

suricata

v4.0.4

integer overflow

ethernet/ip

pdu

parsing

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.

Affected configurations

Nvd

Node

suricata-idssuricataMatch4.0.4

VendorProductVersionCPE
suricata-idssuricata4.0.4cpe:2.3:a:suricata-ids:suricata:4.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
suricata-ids	suricata	4.0.4	cpe:2.3:a:suricata-ids:suricata:4.0.4:::::::*

References

suricata-ids.org/2018/07/18/suricata-4-0-5-available/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Related for CVE-2018-10244