Buffer Overread Vulnerability in Cisco Sourcefire Snort 3.0
CVE-2017-6658
7.5 HIGH
Summary
Cisco Sourcefire Snort 3.0 versions prior to build 233 are susceptible to a buffer overread caused by incorrect size handling of the decoder array. The flaw is triggered when processing packets with an EtherType of 0xFFFF and can potentially leak sensitive memory contents. The root cause is a miscalculation of the decoder array size; correcting that calculation mitigates the risk of unauthorized memory access. Organizations using this software should update to the latest build.
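The sizing mistake described in the summary, as an added illustration in C (not Snort's source code): it assumes the miscalculation is an off-by-one in a table indexed directly by the 16-bit EtherType, where 65535 slots leave index 0xFFFF one element past the end. All names, the sample frame and the decoder IDs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* All names here are hypothetical; this is not Snort's source. */
/* Flawed sizing: UINT16_MAX used as the element count, so valid indexes
   are 0..0xFFFE and EtherType 0xFFFF is one element past the end. */
#define FLAWED_TABLE_LEN ((size_t)UINT16_MAX)
/* Corrected sizing: one slot per possible 16-bit EtherType (65536). */
#define FIXED_TABLE_LEN ((size_t)UINT16_MAX + 1)
#define DECODER_NONE 0u
#define ETH_HDR_LEN 14u

static uint8_t decoder_table[FIXED_TABLE_LEN];

/* Constructed sample: zeroed MAC addresses, EtherType 0xFFFF. */
const uint8_t sample_frame[ETH_HDR_LEN] = {
    0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0,  0xFF, 0xFF
};

/* Read the big-endian EtherType at offset 12; -1 if the frame is short. */
int parse_ethertype(const uint8_t *frame, size_t len, uint16_t *out) {
    if (len < ETH_HDR_LEN) return -1;
    *out = (uint16_t)((frame[12] << 8) | frame[13]);
    return 0;
}

/* 1 if ethertype is a valid index for a table of table_len entries. */
int ethertype_in_range(size_t table_len, uint16_t ethertype) {
    return (size_t)ethertype < table_len;
}

void register_decoder(uint16_t ethertype, uint8_t id) {
    decoder_table[ethertype] = id;   /* safe: table has 65536 slots */
}

/* Bounds-checked lookup: the index is validated against the declared
   length, so a mis-sized table yields DECODER_NONE, not an overread. */
uint8_t lookup_decoder(size_t table_len, uint16_t ethertype) {
    if (!ethertype_in_range(table_len, ethertype)) return DECODER_NONE;
    return decoder_table[ethertype];
}

/* Parse a frame and resolve its decoder under a given table length. */
uint8_t decode_frame(const uint8_t *frame, size_t len, size_t table_len) {
    uint16_t et;
    if (parse_ethertype(frame, len, &et) != 0) return DECODER_NONE;
    return lookup_decoder(table_len, et);
}
```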
Affected Version(s)
Snort 3.0: all versions prior to build 233.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved