CVE-2018-18956

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.

Published : 2018-11-05 21:29 Updated : 2019-01-30 19:15

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Suricata-ids Suricata 4.0.0 cpe:/a:suricata-ids:suricata:4.0.0
Suricata-ids Suricata 4.0.0 cpe:/a:suricata-ids:suricata:4.0.0:b1
Suricata-ids Suricata 4.0.0 cpe:/a:suricata-ids:suricata:4.0.0:rc1
Suricata-ids Suricata 4.0.0 cpe:/a:suricata-ids:suricata:4.0.0:rc2
Suricata-ids Suricata 4.0.1 cpe:/a:suricata-ids:suricata:4.0.1
Suricata-ids Suricata 4.0.2 cpe:/a:suricata-ids:suricata:4.0.2
Suricata-ids Suricata 4.0.3 cpe:/a:suricata-ids:suricata:4.0.3
Suricata-ids Suricata 4.0.4 cpe:/a:suricata-ids:suricata:4.0.4
  1. Suricata-ids (1) Search CVE
    1. Suricata (5) Search CVE
      1. 4.0.0
      2. 4.0.1
      3. 4.0.2
      4. 4.0.3
      5. 4.0.4

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-01-30 19:15
2018-11-08 04:29
2018-11-05 21:29

New CVE