CVE-2017-15377 Affecting suricata package, versions *


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

EPSS
0.26% (65th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN9-SURICATA-281655
  • published23 Oct 2017
  • disclosed23 Oct 2017

Introduced: 23 Oct 2017

CVE-2017-15377  (opens in a new tab)

How to fix?

There is no fixed version for Debian:9 suricata.

NVD Description

Note: Versions mentioned in the description apply only to the upstream suricata package and not the suricata package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).