CVE-2015-8954
published 2017-03-20CVE-2015-8954: The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass…
PriorityP356critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.26%
86.8th percentile
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | suricata | < suricata 2.0.6-1 (bookworm) | suricata 2.0.6-1 (bookworm) |
| oisf | suricata | >= 0 < 2.0.6-1 | 2.0.6-1 |
| oisf | suricata | >= 0 < 2.0.6-1 | 2.0.6-1 |
| oisf | suricata | >= 0 < 2.0.6-1 | 2.0.6-1 |
| oisf | suricata | >= 0 < 2.0.6-1 | 2.0.6-1 |
| openinfosecfoundation | suricata | <= 2.0.5 | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m68q-w483-4j98: The MemcmpLowercase function in Suricata before 2
ghsa_unreviewed·2022-05-17
CVE-2015-8954 [CRITICAL] GHSA-m68q-w483-4j98: The MemcmpLowercase function in Suricata before 2
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
OSV
CVE-2015-8954: The MemcmpLowercase function in Suricata before 2
osv·2017-03-20·CVSS 9.8
CVE-2015-8954 [CRITICAL] CVE-2015-8954: The MemcmpLowercase function in Suricata before 2
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
Debian
CVE-2015-8954: suricata - The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the fi...
vendor_debian·2015·CVSS 9.8
CVE-2015-8954 [CRITICAL] CVE-2015-8954: suricata - The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the fi...
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
Scope: local
bookworm: resolved (fixed in 2.0.6-1)
bullseye: resolved (fixed in 2.0.6-1)
forky: resolved (fixed in 2.0.6-1)
sid: resolved (fixed in 2.0.6-1)
trixie: resolved (fixed in 2.0.6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523https://redmine.openinfosecfoundation.org/issues/1364https://suricata-ids.org/2015/01/15/suricata-2-0-6-available/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523https://redmine.openinfosecfoundation.org/issues/1364https://suricata-ids.org/2015/01/15/suricata-2-0-6-available/
2017-03-20
Published