Actions
Security #5945
closedbyte_math: Division by zero possible.
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
MODERATE
Disclosure Date:
Description
The byte_math
keyword supports basic math and shift-left/right operations for the rvalue
(either a scalar or variable).
The division operator should check for a zero-value divisor value.
alert tcp any any -> any any (msg:"Testing bytemath_body"; \ content:"|00 04 93 F3|"; \ content:"|00 00 00 07|"; distance:4; within:4; \ byte_math:bytes 4, offset 0, oper /, rvalue \ 248, relative,result var; sid:1;)
Actions