Home > Vulnerability Database > CVE-2019-10050

Mend.io Vulnerability Database

CVE-2019-10050

Date: May 13, 2019

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.

Language: C

Severity Score

7.5

Related Resources (6)

Url: https://lists.openinfosecfoundation.org/pipermail/oisf-announce/

Url: https://security-tracker.debian.org/tracker/CVE-2019-10050

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-10050

Url: https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10050

Url: https://www.mend.io/vulnerability-database/CVE-2019-10050

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-10050

Date: May 13, 2019

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?