exploitDog

CVE-2017-6658

Опубликовано: 16 мая 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem.

Ссылки

http://blog.snort.org/2017/05/snort-vulnerabilities-found.html
Third Party Advisory
http://www.securitytracker.com/id/1038483
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170515-snort
Vendor Advisory
http://blog.snort.org/2017/05/snort-vulnerabilities-found.html
Third Party Advisory
http://www.securitytracker.com/id/1038483

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:sourcefire_snort:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00468

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-7mxj-982j-3px6

CVSS3: 7.5

github

больше 3 лет назад

Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem.

EPSS

Процентиль: 64%

0.00468

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125