Skip to content

An issue was discovered in Suricata 5.0.0. It is possible...

Moderate severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Oct 22, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet.

References

Published by the National Vulnerability Database Jan 6, 2020
Published to the GitHub Advisory Database May 24, 2022
Last updated Oct 22, 2024

Severity

Moderate

EPSS score

1.545%
(87th percentile)

CVE ID

CVE-2019-18792

GHSA ID

GHSA-p4hg-mvq8-47jj

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.