Integer Overflow Vulnerability in Suricata 4.0.4 EtherNet/IP PDU Parsing

Integer Overflow Vulnerability in Suricata 4.0.4 EtherNet/IP PDU Parsing

CVE-2018-10244 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.

Learn more about our Web Application Penetration Testing UK.