Project

General

Profile

Actions

Security #1880

closed

icmpv4 error packets can lead to missed detection in tcp/udp

Added by Victor Julien over 7 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Affected Versions:
Label:
Git IDs:

6b078e4f51800ac4cba3660dedfe210474491bc6

Severity:
Disclosure Date:

Description

If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.

Actions

Also available in: Atom PDF