CVE-2017-15377 Information

Description

In Suricata before 4.x it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn’t stop when it should after no match is found; instead it stops only upon reaching inspection-recursion-limit (3000 by default).

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/OISF/suricata/commit/b9579fbe7dd408200ef03cbe20efddb624b73885
https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html
https://redmine.openinfosecfoundation.org/issues/2231

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
