Security #1880: icmpv4 error packets can lead to missed detection in tcp/udp - Suricata - Open Information Security Foundation

Actions

Copy link

Security #1880

closed

VJ VJ

icmpv4 error packets can lead to missed detection in tcp/udp

Security #1880: icmpv4 error packets can lead to missed detection in tcp/udp

Added by Victor Julien almost 10 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

High

Assignee:

Victor Julien

Target version:

3.1.2

Affected Versions:

Label:

CVE:

2016-10728

Git IDs:

6b078e4f51800ac4cba3660dedfe210474491bc6

Severity:

Disclosure Date:

GHSA:

Description

If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Security #1880

icmpv4 error packets can lead to missed detection in tcp/udp

VJ Updated by Victor Julien almost 10 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 6 years ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Security #1880

icmpv4 error packets can lead to missed detection in tcp/udp

VJ Updated by Victor Julien almost 10 years ago ActionsCopy link #1

VJ Updated by Victor Julien almost 6 years ago ActionsCopy link #2

VJ Updated by Victor Julien almost 10 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 6 years ago Actions
Copy link
#2