6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.137 Low
EPSS
Percentile
95.6%
Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a “backtracking attack.”
CPE | Name | Operator | Version |
---|---|---|---|
snort:snort | snort | le | 2.6.2 |
lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html
secunia.com/advisories/23716
secunia.com/advisories/24164
secunia.com/advisories/24338
security.gentoo.org/glsa/glsa-200702-03.xml
securitytracker.com/id?1017508
www.acsac.org/2006/abstracts/54.html
www.acsac.org/2006/advance_program.html
www.acsac.org/2006/papers/54.pdf
www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf
www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip
www.mandriva.com/security/advisories?name=MDKSA-2007:051
www.osvdb.org/32096
www.securityfocus.com/bid/21991
www.snort.org/pub-bin/snortnews.cgi
exchange.xforce.ibmcloud.com/vulnerabilities/31430