CVE-2018-18956

Опубликовано: 05 нояб. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.

Ссылки

https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-November/016316.html
Mailing List
Third Party Advisory
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html
Mailing List
Third Party Advisory
https://redmine.openinfosecfoundation.org/issues/2658#change-10374
Third Party Advisory
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-November/016316.html
Mailing List
Third Party Advisory
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html
Mailing List
Third Party Advisory
https://redmine.openinfosecfoundation.org/issues/2658#change-10374
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:suricata-ids:suricata:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.0.6 (исключая)

EPSS

Процентиль: 78%

0.01143

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2018-18956

CVSS3: 7.5

ubuntu

больше 7 лет назад

CVE-2018-18956

CVSS3: 7.5

debian

больше 7 лет назад

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x b ...

GHSA-mhv4-xgrg-gg58

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 78%

0.01143

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119