Description
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
References (4)
Core References
Vendor Advisory x_refsource_misc
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
Patch, Third Party Advisory x_refsource_misc
https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
Exploit, Third Party Advisory x_refsource_misc
https://redmine.openinfosecfoundation.org/issues/2501
Exploit, Third Party Advisory x_refsource_misc
https://github.com/kirillwow/ids_bypass
Scores
CVSS v3: 7.5
EPSS: 0.0028
EPSS Percentile: 51.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status: published
Products (1): suricata-ids/suricata < 4.0.5
Published: Jul 23, 2018
Tracked Since: Feb 18, 2026