Описание
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
Ссылки
- US Government Resource
- Third Party AdvisoryUS Government Resource
- ExploitPatchVendor Advisory
- US Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:smoothwall:smoothwall:2.0_beta_4:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.8:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.9:*:*:*:*:*:*:*
cpe:2.3:a:sourcefire:snort:1.9.1:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.64409
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 22 лет назад
Integer overflow in the TCP stream reassembly module (stream4) for Sno ...
github
около 3 лет назад
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
EPSS
Процентиль: 98%
0.64409
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other