How severe is CVE-2019-18792?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2019-18792?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2019-18792 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet.

Related Vulnerabilities

CVE-2024-38428

CRITICAL

CVSS:9.1(Critical)

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent...

CWE-4362024

CVE-2018-19966

HIGH

CVSS:8.8(High)

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for ...

CWE-4362018

CVE-2018-6560

HIGH

CVSS:8.8(High)

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in th...

CWE-4362018

CVE-2021-28474

HIGH

CVSS:8.8(High)

Microsoft SharePoint Server Remote Code Execution Vulnerability

CWE-4362021

CVE-2022-36051

HIGH

CVSS:8.8(High)

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` ...

CWE-4362022

CVE-2019-19589

CRITICAL

CVSS:9.8(Critical)

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF ...

CWE-4362019