Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCiscoCVELIST:CVE-2017-6657
HistoryMay 16, 2017 - 5:00 p.m.

CVE-2017-6657

2017-05-1617:00:00
cisco
www.cve.org
6

EPSS

0.001

Percentile

46.1%

JSON

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473.

CNA Affected

[
  {
    "product": "Snort 3.0 All versions prior to build 233.",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Snort 3.0 All versions prior to build 233."
      }
    ]
  }
]

Related

nvd 1
cve 1
prion 1
cisco 1
nvd
nvd
CVE-2017-6657
2017-05-16 17:29:00
cve
cve
CVE-2017-6657
2017-05-16 17:29:00
prion
prion
Input validation
2017-05-16 17:29:00
cisco
cisco
Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities
2017-05-15 16:00:00

EPSS

0.001

Percentile

46.1%

JSON
Related for CVELIST:CVE-2017-6657
nvd1cve1prion1cisco1