CVE-2018-14568

NameCVE-2018-14568
DescriptionSuricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
suricata (PTS)bullseye1:6.0.1-3fixed
bullseye (security)1:6.0.1-3+deb11u1fixed
bookworm1:6.0.10-1fixed
trixie1:7.0.10-1+deb13u1fixed
forky, sid1:8.0.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
suricatasource(unstable)1:4.0.5-1

Notes

[stretch] - suricata <no-dsa> (Minor issue)
[jessie] - suricata <no-dsa> (Minor issue)
https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
https://redmine.openinfosecfoundation.org/issues/2501
Search for package or bug name: Reporting problems