Buffer Overread Vulnerability in Cisco Sourcefire Snort 3.0
CVE-2017-6658

7.5HIGH

Key Information:

Vendor: Cisco
Status: Snort 3.0 All Versions Prior To Build 233.
Vendor: CVE Published:; 16 May 2017

What is CVE-2017-6658?

Cisco Sourcefire Snort 3.0 versions prior to build 233 are susceptible to a buffer overread issue due to incorrect array size handling in the decoder array. This flaw occurs when processing packets with an EtherType of 0xFFFF, allowing potential leakage of sensitive memory contents. The root cause is a miscalculation of the decoder array size, which, when rectified, mitigates the risk of unauthorized memory access. It is crucial for organizations utilizing this software to update to the latest build to secure their systems effectively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Snort 3.0 All prior to build 233. Snort 3.0 All versions prior to build 233.

References

http://www.securitytracker.com/id/1038483

vdb-entryx_refsource_SECTRACK

http://blog.snort.org/2017/05/snort-vulnerabilities-found...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2017
Vulnerability Reserved
Mar 9, 2017

JSON

Cisco

What is CVE-2017-6658?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.