Insecure deserialization in suricata-update

Description

OISF suricata-update unsafely deserializes YAML data: Suricata-Update uses the insecure yaml.load() function, which constructs arbitrary Python objects from tagged nodes. Code will be executed if the YAML file contains lines like:

hello: !!python/object/apply:os.system ['ls -l > /tmp/output']

The vulnerable function can be triggered by "suricata-update list-sources": the locally stored index.yaml is loaded in this function, and any such tagged node in that file causes the malicious code to be executed.
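The difference between the unsafe and the safe loader, as an added example that is not suricata-update's own code. It assumes PyYAML is installed; the index.yaml content is constructed, and the page's os.system callable is replaced by the harmless builtin sorted so the demo only shows that a Python callable gets invoked during parsing.

```python
import re
import yaml

# Constructed stand-in for a tampered index.yaml. The page's payload calls
# os.system; here the tag invokes the harmless builtin sorted() instead,
# which is enough to show that parsing alone executes Python code.
TAMPERED_INDEX = """\
version: 1
sources:
  et/open:
    summary: Emerging Threats Open Ruleset
hello: !!python/object/apply:sorted ['cba']
"""

# A rule index only needs plain mappings, lists and scalars. Any tag in the
# python/ namespace asks the parser to build or call Python objects, so its
# presence in a downloaded index is a red flag worth logging.
PYTHON_TAG = re.compile(r"!!python/\S+")

def find_python_tags(text):
    """Detection step: return every python/* tag in the raw YAML text."""
    return PYTHON_TAG.findall(text)

def load_unsafe(text):
    """What yaml.load(text) did before PyYAML 5.1, and what UnsafeLoader
    still does: the tag is resolved to a callable and invoked while parsing."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)

def safe_load_rejects(text):
    """True if yaml.safe_load refuses the document instead of executing it."""
    try:
        yaml.safe_load(text)
    except yaml.YAMLError:
        return True
    return False

def load_index(text):
    """Hardened loader: refuse python/* tags up front, then use safe_load,
    which only builds dicts/lists/scalars and raises on unknown tags."""
    tags = find_python_tags(text)
    if tags:
        raise ValueError("refusing to load index with Python tags: %r" % tags)
    return yaml.safe_load(text)
```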

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
