CVE-2018-14568
First published: Mon Jul 23 2018(Updated: )
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suricata | <4.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-14568?
CVE-2018-14568 is a vulnerability in Suricata IDS before version 4.0.5 that allows detection bypass by stopping TCP stream inspection upon receiving a TCP RST from a server.
How does CVE-2018-14568 work?
CVE-2018-14568 works by causing Suricata IDS to stop inspecting TCP streams when it receives a TCP RST from a server, which allows for detection bypass.
What is the severity of CVE-2018-14568?
The severity of CVE-2018-14568 is high with a CVSS score of 7.5.
How can I fix CVE-2018-14568?
To fix CVE-2018-14568, you should upgrade to Suricata IDS version 4.0.5 or later.
Where can I find more information about CVE-2018-14568?
You can find more information about CVE-2018-14568 at the following references: [Reference 1](https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345), [Reference 2](https://github.com/kirillwow/ids_bypass), [Reference 3](https://redmine.openinfosecfoundation.org/issues/2501).
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/suricata-ids
- canonical/suricata