An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. Upstream Fix: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
Why do we keep opening bug reports for things that are fixed? This is fixed on all supported branches and may be closed.
To have this reported in our system. There's a point however. This can be closed, since components were marked notaffected from the start. Closed -> notabug.