CVE-2018-10244: Integer Overflow
First published: Thu Apr 04 2019(Updated: )
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suricata-ids Suricata | =4.0.4 | |
| Oisf Suricata | =4.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-10244?
CVE-2018-10244 is a vulnerability in Suricata version 4.0.4 that allows a malformed EtherNet/IP PDU to cause an integer overflow during a length check.
How does CVE-2018-10244 affect Suricata?
CVE-2018-10244 affects Suricata version 4.0.4, causing it to incorrectly handle the parsing of an EtherNet/IP PDU.
What is the severity of CVE-2018-10244?
The severity of CVE-2018-10244 is critical with a CVSS score of 9.8.
How can CVE-2018-10244 be exploited?
CVE-2018-10244 can be exploited by sending a malformed EtherNet/IP PDU to Suricata version 4.0.4.
How can I fix CVE-2018-10244?
To fix CVE-2018-10244, upgrade Suricata to version 4.0.5 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/references
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/suricata-ids
- canonical/suricata-ids suricata
- version/suricata-ids suricata/4.0.4
- vendor/oisf
- canonical/oisf suricata
- version/oisf suricata/4.0.4