Security #1880: icmpv4 error packets can lead to missed detection in tcp/udp - Suricata - Open Information Security Foundation

Actions

Copy link

Security #1880

closed

icmpv4 error packets can lead to missed detection in tcp/udp

Added by Victor Julien about 8 years ago. Updated about 4 years ago.

Status:

Closed

Priority:

High

Assignee:

Victor Julien

Target version:

3.1.2

Affected Versions:

Label:

CVE:

2016-10728

Git IDs:

6b078e4f51800ac4cba3660dedfe210474491bc6

Severity:

Disclosure Date:

Description

If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #1880

icmpv4 error packets can lead to missed detection in tcp/udp

Updated by Victor Julien about 8 years ago

Updated by Victor Julien about 4 years ago