CVE-2015-8954 — Suricata vulnerability

CWE-2645 documents5 sources

Severity

9.8CRITICALNVD

EPSS

1.9%

top 16.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oisf Suricata Openinfosecfoundation Suricata

Timeline

PublishedMar 20

Latest updateMay 17

Description

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debianoisf/suricata< 2.0.6-1+3

▶NVDopeninfosecfoundation/suricata2.0.5

🔴Vulnerability Details

GHSA

GHSA-m68q-w483-4j98: The MemcmpLowercase function in Suricata before 2↗2022-05-17

▶

OSV

CVE-2015-8954: The MemcmpLowercase function in Suricata before 2↗2017-03-20

▶

CVEList

CVE-2015-8954: The MemcmpLowercase function in Suricata before 2↗2017-03-20

▶

📋Vendor Advisories

Debian

CVE-2015-8954: suricata - The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the fi...↗2015

▶