CVE-2017-15377
Published: 2017-10-23
Priority: P3 · 36 · high · CVSS 3.0: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.98% (78.1th percentile)
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | suricata | < suricata 1:4.0.0-1 (bookworm) | suricata 1:4.0.0-1 (bookworm) |
| oisf | suricata | >= 0 < 1:4.0.0-1 | 1:4.0.0-1 |
| oisf | suricata | >= 0 < 1:4.0.0-1 | 1:4.0.0-1 |
| oisf | suricata | >= 0 < 1:4.0.0-1 | 1:4.0.0-1 |
| oisf | suricata | >= 0 < 1:4.0.0-1 | 1:4.0.0-1 |
| openinfosecfoundation | suricata | <= 3.2.4 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
Debian
CVE-2017-15377 [HIGH]: suricata
vendor_debian · 2017 · CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1:4.0.0-1)
bullseye: resolved (fixed in 1:4.0.0-1)
forky: resolved (fixed in 1:4.0.0-1)
sid: resolved (fixed in 1:4.0.0-1)
trixie: resolved (fixed in 1:4.0.0-1)
GHSA
GHSA-4p84-v7gc-359m [HIGH] (CVE-2017-15377)
ghsa_unreviewed · 2022-05-13
OSV
CVE-2017-15377 [HIGH]
osv · 2017-10-23 · CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://github.com/OISF/suricata/commit/b9579fbe7dd408200ef03cbe20efddb624b73885
https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html
https://redmine.openinfosecfoundation.org/issues/2231
Published: 2017-10-23