CVE-2014-6603 - Vulnerability Details - OpenCVE

The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openinfosecfoundation	Suricata

Configuration 1 [-]

OR	cpe:2.3:a:openinfosecfoundation:suricata::::::::
	cpe:2.3:a:openinfosecfoundation:suricata:2.0.1-1:::::::*
	cpe:2.3:a:openinfosecfoundation:suricata:2.0.1-2:::::::*
	cpe:2.3:a:openinfosecfoundation:suricata:2.0.2-1:::::::*
	cpe:2.3:a:openinfosecfoundation:suricata:2.0.2-2:::::::*
	cpe:2.3:a:openinfosecfoundation:suricata:2.0.3-1:::::::*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139630.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139821.html
http://packetstormsecurity.com/files/128382/Suricata-2.0.3-Out-Of-Bounds-Access.html
http://seclists.org/fulldisclosure/2014/Sep/79
http://www.securityfocus.com/archive/1/533515/100/0/threaded
http://www.securityfocus.com/bid/70083
https://exchange.xforce.ibmcloud.com/vulnerabilities/96157

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-10-07T14:00:00

Updated: 2024-08-06T12:24:34.355Z

Reserved: 2014-09-18T00:00:00

Link: CVE-2014-6603

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-10-07T14:55:07.517

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-6603

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-23T00:00:00", "descriptions": [{"lang": "en", "value": "The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "70083", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70083"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128382/Suricata-2.0.3-Out-Of-Bounds-Access.html"}, {"name": "FEDORA-2014-11462", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139821.html"}, {"name": "FEDORA-2014-11302", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139630.html"}, {"name": "suricata-cve20146603-dos(96157)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96157"}, {"name": "20140923 CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/533515/100/0/threaded"}, {"name": "20140923 CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Sep/79"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6603", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "70083", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70083"}, {"name": "http://packetstormsecurity.com/files/128382/Suricata-2.0.3-Out-Of-Bounds-Access.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128382/Suricata-2.0.3-Out-Of-Bounds-Access.html"}, {"name": "FEDORA-2014-11462", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139821.html"}, {"name": "FEDORA-2014-11302", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139630.html"}, {"name": "suricata-cve20146603-dos(96157)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96157"}, {"name": "20140923 CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533515/100/0/threaded"}, {"name": "20140923 CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Sep/79"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:24:34.355Z"}, "title": "CVE Program Container", "references": [{"name": "70083", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70083"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128382/Suricata-2.0.3-Out-Of-Bounds-Access.html"}, {"name": "FEDORA-2014-11462", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139821.html"}, {"name": "FEDORA-2014-11302", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139630.html"}, {"name": "suricata-cve20146603-dos(96157)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96157"}, {"name": "20140923 CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/533515/100/0/threaded"}, {"name": "20140923 CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Sep/79"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6603", "datePublished": "2014-10-07T14:00:00", "dateReserved": "2014-09-18T00:00:00", "dateUpdated": "2024-08-06T12:24:34.355Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openinfosecfoundation:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "264259AB-D095-4937-AA55-EC6C18AB7AC2", "versionEndIncluding": "2.0.3-2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openinfosecfoundation:suricata:2.0.1-1:*:*:*:*:*:*:*", "matchCriteriaId": "2BB77C7F-7283-46A6-8C81-086BFC081E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:openinfosecfoundation:suricata:2.0.1-2:*:*:*:*:*:*:*", "matchCriteriaId": "C34D49DB-60C7-4DCC-B0A7-D8A2609C9185", "vulnerable": true}, {"criteria": "cpe:2.3:a:openinfosecfoundation:suricata:2.0.2-1:*:*:*:*:*:*:*", "matchCriteriaId": "48850034-C8C8-45EC-8BB8-000671C2AFA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:openinfosecfoundation:suricata:2.0.2-2:*:*:*:*:*:*:*", "matchCriteriaId": "36425BC4-8A63-48A1-9209-C4401255629B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openinfosecfoundation:suricata:2.0.3-1:*:*:*:*:*:*:*", "matchCriteriaId": "752330B0-3AC1-4604-BD2B-7C444E233235", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write."}, {"lang": "es", "value": "La funci\u00f3n SSHParseBanner en SSH parser (app-layer-ssh.c) en Suricata anterior a 2.0.4 permite a atacantes remotos evadir las normas SSH, causar una denegaci\u00f3n de servicio (ca\u00edda), o posiblemente tener otro impacto no especificado a trav\u00e9s de un banner manipulado, lo que provoca una reserva de memoria grande o una escritura fuera de rango."}], "id": "CVE-2014-6603", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-07T14:55:07.517", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139630.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139821.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/128382/Suricata-2.0.3-Out-Of-Bounds-Access.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Sep/79"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533515/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/70083"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96157"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139630.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139821.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/128382/Suricata-2.0.3-Out-Of-Bounds-Access.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Sep/79"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533515/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96157"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}