Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for snort\+\+ by cisco

    VAR-201705-3674

    Vulnerability from variot - Updated: 2025-04-20 23:16

    Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473. Cisco Sourcefire Snort Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Snort++ is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to restart the affected process, denying service to legitimate users. These issues fixed in: Cisco Snort++ BUILD_233. Cisco Sourcefire Snort is a set of network intrusion prevention software and network intrusion detection software from Cisco (formerly Snort team). The software provides functions such as packet sniffing, packet analysis, and packet inspection. The vulnerability stems from the fact that the program does not correctly handle Type verification

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3674",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "snort\\+\\+",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "snort++",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "snort++",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "snort++ build 233",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "98465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6657"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:cisco:snort%2B%2B",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bhargava Shastry",
        "sources": [
          {
            "db": "BID",
            "id": "98465"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6657",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-6657",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-114860",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-6657",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6657",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6657",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-764",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114860",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114860"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6657"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473. Cisco Sourcefire Snort Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Snort++ is prone to multiple remote denial-of-service vulnerabilities. \nAn attacker can exploit these issues to restart the affected process, denying service to legitimate users. \nThese issues fixed in:\nCisco Snort++ BUILD_233. Cisco Sourcefire Snort is a set of network intrusion prevention software and network intrusion detection software from Cisco (formerly Snort team). The software provides functions such as packet sniffing, packet analysis, and packet inspection. The vulnerability stems from the fact that the program does not correctly handle Type verification",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "db": "BID",
            "id": "98465"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114860"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6657",
            "trust": 2.8
          },
          {
            "db": "SECTRACK",
            "id": "1038483",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "98465",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-114860",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114860"
          },
          {
            "db": "BID",
            "id": "98465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6657"
          }
        ]
      },
      "id": "VAR-201705-3674",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114860"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:16:09.467000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20170515-snort",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170515-snort"
          },
          {
            "title": "Cisco Sourcefire Snort Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70336"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114860"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6657"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html"
          },
          {
            "trust": 1.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170515-snort"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1038483"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6657"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6657"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/snortadmin/snort3/commit/7ae50f4be245efd469dee2ce2855b6235b07aa42"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114860"
          },
          {
            "db": "BID",
            "id": "98465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6657"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-114860"
          },
          {
            "db": "BID",
            "id": "98465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6657"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114860"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "BID",
            "id": "98465"
          },
          {
            "date": "2017-06-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          },
          {
            "date": "2017-05-16T17:29:00.403000",
            "db": "NVD",
            "id": "CVE-2017-6657"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114860"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "BID",
            "id": "98465"
          },
          {
            "date": "2017-06-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-6657"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco Sourcefire Snort Resource management vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004114"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-764"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2017-6657 (GCVE-0-2017-6657)

    Vulnerability from nvd – Published: 2017-05-16 17:00 – Updated: 2024-08-05 15:33
    VLAI
    Summary
    Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473.
    Severity
    No CVSS data available.
    CWE
    • input validation error
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038483 vdb-entryx_refsource_SECTRACK
    http://blog.snort.org/2017/05/snort-vulnerabiliti… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a Snort 3.0 All versions prior to build 233. Affected: Snort 3.0 All versions prior to build 233.
    Date Public
    2017-05-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:33:20.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snort 3.0 All versions prior to build 233.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Snort 3.0 All versions prior to build 233."
                }
              ]
            }
          ],
          "datePublic": "2017-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "input validation error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "1038483",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2017-6657",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snort 3.0 All versions prior to build 233.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Snort 3.0 All versions prior to build 233."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "input validation error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038483",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038483"
                },
                {
                  "name": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html",
                  "refsource": "CONFIRM",
                  "url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2017-6657",
        "datePublished": "2017-05-16T17:00:00.000Z",
        "dateReserved": "2017-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:33:20.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6657 (GCVE-0-2017-6657)

    Vulnerability from cvelistv5 – Published: 2017-05-16 17:00 – Updated: 2024-08-05 15:33
    VLAI
    Summary
    Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473.
    Severity
    No CVSS data available.
    CWE
    • input validation error
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038483 vdb-entryx_refsource_SECTRACK
    http://blog.snort.org/2017/05/snort-vulnerabiliti… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a Snort 3.0 All versions prior to build 233. Affected: Snort 3.0 All versions prior to build 233.
    Date Public
    2017-05-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:33:20.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snort 3.0 All versions prior to build 233.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Snort 3.0 All versions prior to build 233."
                }
              ]
            }
          ],
          "datePublic": "2017-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "input validation error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "1038483",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2017-6657",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snort 3.0 All versions prior to build 233.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Snort 3.0 All versions prior to build 233."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "input validation error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038483",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038483"
                },
                {
                  "name": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html",
                  "refsource": "CONFIRM",
                  "url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2017-6657",
        "datePublished": "2017-05-16T17:00:00.000Z",
        "dateReserved": "2017-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:33:20.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }