Bug #3328
closed
Added by Nicolas Adba about 5 years ago.
Updated about 5 years ago.
Description
Suricata is vulnerable to bad ip option evasions.
Here are the pcaps of issue number 3286 with a bad ipv4 option.
I don't think it's exploitable in the wild because routers should drop the injected packets (I didn't test it thought).
Files
- Assignee set to OISF Dev
- Target version set to 70
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
- Target version changed from 70 to 5.0.1
- Priority changed from Normal to High
- Label Needs backport added
- Status changed from Assigned to Closed
- Priority changed from High to Normal
- Private changed from Yes to No
- Label deleted (
Needs backport)
- Copied to Bug #3414: bad ip option evasion (4.1.x) added
Also available in: Atom
PDF