CVE-2018-18956

HIGH EXPLOITED IN THE WILD

Suricata 4.0.0-4.0.5 - Denial of Service via SMTP Parser MIME Entity Processing

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-18956 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.

References (3)

Core 3
Core References

Scores

CVSS v3 7.5
EPSS 0.0279
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

VulnCheck KEV 2018-11-05
InTheWild.io 2020-08-24
CWE
CWE-119
Status published
Products (1)
suricata-ids/suricata 4.0.0 - 4.0.6
Published Nov 05, 2018
Tracked Since Feb 18, 2026