How severe is CVE-2019-16411?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-16411?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2019-16411 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.

Related Vulnerabilities

CVE-1999-0006

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.

CWE-1251999

CVE-2014-2896

CRITICAL

CVSS:9.8(Critical)

The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an ou...

CWE-1252014

CVE-2014-2897

CRITICAL

CVSS:9.8(Critical)

The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC...

CWE-1252014

CVE-2014-2898

CRITICAL

CVSS:9.8(Critical)

wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not ...

CWE-1252014

CVE-2015-8608

CRITICAL

CVSS:9.8(Critical)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter...

CWE-1252015

CVE-2015-9050

CRITICAL

CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call.

CWE-1252015