CVE-2019-10054: Integer Underflow
First published: Wed Aug 28 2019(Updated: )
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suricata-ids Suricata | =4.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-10054.
What is the affected version of Suricata?
The affected version of Suricata is 4.1.3.
What is the severity level of CVE-2019-10054?
The severity level of CVE-2019-10054 is high with a CVSS score of 7.5.
What is the CWE ID associated with this vulnerability?
The CWE ID associated with this vulnerability is CWE-191 and CWE-20.
How can I fix CVE-2019-10054 in Suricata?
To fix CVE-2019-10054 in Suricata, update to a version that includes the fix, such as Suricata 4.1.4 or later.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/suricata-ids
- canonical/suricata-ids suricata
- version/suricata-ids suricata/4.1.3