CVE-2021-37592

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
References
Link Resource
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 Release Notes Vendor Advisory
https://github.com/OISF/suricata/releases Release Notes Third Party Advisory
https://redmine.openinfosecfoundation.org/issues/4569 Permissions Required Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

History

23 Nov 2021, 17:56

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
References (CONFIRM) https://redmine.openinfosecfoundation.org/issues/4569 - (CONFIRM) https://redmine.openinfosecfoundation.org/issues/4569 - Permissions Required, Third Party Advisory
References (MISC) https://github.com/OISF/suricata/releases - (MISC) https://github.com/OISF/suricata/releases - Release Notes, Third Party Advisory
References (CONFIRM) https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 - (CONFIRM) https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 - Release Notes, Vendor Advisory

19 Nov 2021, 16:37

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-19 15:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-37592

Mitre link : CVE-2021-37592

CVE.ORG link : CVE-2021-37592


JSON object : View

Products Affected

oisf

  • suricata
CWE
CWE-787

Out-of-bounds Write