VDB
CVE-2019-18625
CVE-2019-18625
PUBLISHED
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets.
EPSS 0.25% · 48.9th percentile
Risk Scores
EPSS Score
0.25%
48.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | suricata | 0, 3.2-2ubuntu3 |
| Ubuntu:16.04:LTS | suricata | 2.0.10-1, 2.0.10-2, 2.0.8-1build1 |
Exploit Intelligence
- https://redmine.openinfosecfoundation.org/issues/3286 (circl)
- https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 (circl)
- https://redmine.openinfosecfoundation.org/issues/3395 (circl)
- https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 (circl)
- [debian-lts-announce] 20200130 [SECURITY] [DLA 2087-1] suricata security update (circl)
Timeline
- Jan 6, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-18625 third-party-advisory
- https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 third-party-advisory
- https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 third-party-advisory
- https://redmine.openinfosecfoundation.org/issues/3286 third-party-advisory
- https://redmine.openinfosecfoundation.org/issues/3395 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-18625 third-party-advisory