CVE-2019-16411

An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.
Configurations

Configuration 1 (hide)

cpe:2.3:a:suricata-ids:suricata:4.1.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-24 20:15

Updated : 2023-12-10 13:13


NVD link : CVE-2019-16411

Mitre link : CVE-2019-16411

CVE.ORG link : CVE-2019-16411


JSON object : View

Products Affected

suricata-ids

  • suricata
CWE
CWE-125

Out-of-bounds Read