Fluid Attacks Database

Description

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	suricata	>=0 <1:4.1.5-1	1:4.1.5-1
debian 13	suricata	>=0 <1:4.1.5-1	1:4.1.5-1
debian 14	suricata	>=0 <1:4.1.5-1	1:4.1.5-1

Aliases

1. CVE-2019-156992. NVD-2019-156993. OSV-DEBIAN-2019-156994. OSV-2019-156995. SECURITY-TRACKER-CVE-2019-15699

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.