CVE-2019-10052
First published: Wed Aug 28 2019(Updated: )
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suricata-ids Suricata | =4.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10052?
CVE-2019-10052 is a vulnerability discovered in Suricata 4.1.3 that allows an attacker to cause a panic in the Rust environment by sending a network packet with an incorrect length, leading to a denial of service.
How severe is CVE-2019-10052?
CVE-2019-10052 has a severity level of high with a CVSS score of 7.5.
What software versions are affected by CVE-2019-10052?
Suricata 4.1.3 is affected by CVE-2019-10052.
How can I fix the CVE-2019-10052 vulnerability?
To fix the CVE-2019-10052 vulnerability, users should update Suricata to version 4.1.4 or later.
Where can I find more information about CVE-2019-10052?
You can find more information about CVE-2019-10052 on the following references: - [Redmine Issue 2902](https://redmine.openinfosecfoundation.org/issues/2902) - [Redmine Issue 2947](https://redmine.openinfosecfoundation.org/issues/2947) - [Suricata Blog Post](https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/)
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/suricata-ids
- canonical/suricata-ids suricata
- version/suricata-ids suricata/4.1.3