CVE-2017-6657

{"id": "CVE-2017-6657", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-05-16T17:29:00.403", "references": [{"url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1038483", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170515-snort", "tags": ["Vendor Advisory"], "source": "nvd@nist.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473."}, {"lang": "es", "value": "Sourcefire Snort de Cisco versi\u00f3n 3.0 anterior a build 233, maneja inapropiadamente la comprobaci\u00f3n de Ether Type. A partir de un tipo ether v\u00e1lido y n\u00fameros de protocolo IP no superpuestos, Snort++ almacena todos los decodificadores de protocolo en una sola matriz. Eso hace posible dise\u00f1ar paquetes que tengan n\u00fameros de protocolo IP en el campo ether type que confundir\u00e1 al decodificador Snort++. Por ejemplo, un paquete eth:llc:snap:icmp6 causar\u00e1 un bloqueo porque no existe encabezado ip6 con que calcular la suma de comprobaci\u00f3n icmp6. Los decodificadores afectados incluyen gre, llc, trans_bridge, ciscometadata, linux_sll y token_ring. La correcci\u00f3n agrega una verificaci\u00f3n en el administrador de paquetes para comprobar el tipo ether antes de indexar la matriz de decodificador. Un tipo ether fuera de rango elevar\u00e1 a 116:473."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:snort\\+\\+:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BF1C707-351E-4432-A14F-C5A73D528290"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}