Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic.
Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus pre-processor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 220.127.116.11.
Maintained by Cisco, Snort is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that offers real-time network traffic analysis to spot potential signs of malicious activity based on predefined rules.
“The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT pre-processor to enter an infinite while loop,” Uri Katz, a security researcher with Claroty, said in a report published last week. “A successful exploit keeps Snort from processing new packets and generating alerts.”
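The failure mode described in the report, an overflow in length arithmetic that stops a frame-walking while loop from making progress, can be illustrated with a small Modbus/TCP ADU walker. This is an added example written for this article, not Snort's code: the MBAP framing is the standard one, the function names and the 16-bit offset in the buggy variant are assumptions used to show the pattern beside a bounded version.

```c
#include <stddef.h>
#include <stdint.h>

/* Modbus/TCP MBAP header: txn id(2) proto id(2) length(2) unit id(1).
 * The length field counts the unit id plus the PDU, so a full ADU spans
 * 6 + length bytes. Names here are illustrative, not Snort's. */
#define MBAP_LEN 7

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Bug pattern (assumed, for illustration): 16-bit offset arithmetic.
 * A length field of 65530 makes 6 + len wrap to 0, so the offset never
 * advances and a loop that waits for it to reach the buffer end spins. */
uint16_t next_adu_unchecked(const uint8_t *buf, uint16_t off)
{
    uint16_t len = be16(buf + off + 4);
    return (uint16_t)(off + 6 + len);   /* silently wraps modulo 65536 */
}

/* Hardened: widen arithmetic, bound every field against the bytes that
 * remain, and reject any ADU that would not move the cursor forward.
 * Returns the next offset, or 0 for a malformed frame (0 is never a valid
 * "next" position because an ADU is at least MBAP_LEN bytes long). */
size_t next_adu_checked(const uint8_t *buf, size_t buflen, size_t off)
{
    if (off >= buflen || buflen - off < MBAP_LEN) return 0;
    size_t len = be16(buf + off + 4);
    if (len < 2) return 0;                  /* must cover unit id + function code */
    if (len > 254) return 0;                /* Modbus/TCP ADU is at most 260 bytes */
    if (buflen - off < 6 + len) return 0;   /* truncated; subtraction cannot wrap */
    return off + 6 + len;
}

/* Walk pipelined ADUs in one segment; returns the ADU count or -1 on error.
 * The explicit progress check is what keeps a bad length from hanging the loop. */
int count_adus(const uint8_t *buf, size_t buflen)
{
    int n = 0;
    size_t off = 0;
    while (off < buflen) {
        size_t next = next_adu_checked(buf, buflen, off);
        if (next == 0 || next <= off) return -1;
        off = next;
        n++;
    }
    return n;
}
```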