preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | snort | < 2.7.0-20 | snort_2.7.0-20_all.deb |
Debian | 10 | all | snort | < 2.7.0-20 | snort_2.7.0-20_all.deb |
Debian | 999 | all | snort | < 2.7.0-20 | snort_2.7.0-20_all.deb |