Back to search
CVE-2019-15699
Published: Sep 24, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://lists.openinfosecfoundation.org/pipermail/oisf-announce/
x_refsource_MISC
https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now