Skip to main content

Snort CVE-2017-6657

HIGH
2017-05-16 psirt@cisco.com
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 16, 2017 - 17:29 cve.org
HIGH 7.5

DescriptionCVE.org

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473.

AnalysisAI

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473. Affected products include: Cisco Snort\+\+.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Snort

View all
CVE-2016-1417 HIGH POC
8.8 Jan 23

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct

CVE-2024-20342 HIGH
8.6 Oct 23

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that

CVE-2021-40116 HIGH
7.5 Oct 27

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attac

CVE-2021-40114 HIGH
7.5 Oct 27

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic tha

CVE-2021-1223 HIGH
7.5 Jan 13

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2024-20363 MEDIUM
5.8 May 22

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that

CVE-2020-3299 MEDIUM
5.8 Oct 21

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2023-20246 MEDIUM
5.3 Nov 01

Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthentic

CVE-2021-1495 MEDIUM
5.3 Apr 29

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2021-1236 MEDIUM
5.3 Jan 13

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an un

CVE-2021-1224 MEDIUM
5.3 Jan 13

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort

Share

CVE-2017-6657 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy