Security #1880: icmpv4 error packets can lead to missed detection in tcp/udp - Suricata - Open Information Security Foundation

Actions

Copy link

Security #1880

closed

VJ VJ

icmpv4 error packets can lead to missed detection in tcp/udp

Security #1880: icmpv4 error packets can lead to missed detection in tcp/udp

Added by Victor Julien over 9 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

High

Assignee:

Victor Julien

Target version:

3.1.2

Affected Versions:

Label:

CVE:

2016-10728

Git IDs:

6b078e4f51800ac4cba3660dedfe210474491bc6

Severity:

Disclosure Date:

Description

If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.

VJ Updated by Victor Julien over 9 years ago Actions
Copy link
#1

Status changed from Assigned to Closed

https://github.com/inliniac/suricata/pull/2210

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#2

Tracker changed from Bug to Security
CVE set to 2016-10728
Git IDs updated (diff)

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Security #1880

icmpv4 error packets can lead to missed detection in tcp/udp

VJ Updated by Victor Julien over 9 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Security #1880

icmpv4 error packets can lead to missed detection in tcp/udp

VJ Updated by Victor Julien over 9 years ago ActionsCopy link #1

VJ Updated by Victor Julien over 5 years ago ActionsCopy link #2

VJ Updated by Victor Julien over 9 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#2