Lucene search

[email protected]CVE-2017-7177

HistoryMar 18, 2017 - 8:59 p.m.

CVE-2017-7177

2017-03-1820:59:00

CWE-358

[email protected]

web.nvd.nist.gov

suricata

nvd

cve-2017-7177

ipv4

defragmentation

evasion

security issue

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.5%

JSON

Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.

CPENameOperatorVersion
openinfosecfoundation:suricataopeninfosecfoundation suricatale3.2

CPE	Name	Operator	Version
openinfosecfoundation:suricata	openinfosecfoundation suricata	le	3.2

References

www.securityfocus.com/bid/97047

github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8

lists.debian.org/debian-lts-announce/2018/12/msg00000.html

redmine.openinfosecfoundation.org/issues/2019

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.5%

JSON

Related for CVE-2017-7177

osv3 debian2 nessus2 prion1 openvas2 veracode1 cvelist1 debiancve1 ubuntucve1