Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2004-2652

The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.

  • Published: Dec 31, 2004
  • Updated: Apr 13, 2023
  • CVE: CVE-2004-2652
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.8
  • AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Software From Fixed in
sourcefire / snort 2.2 2.2.x
sourcefire / snort 2.1.1_rc1 2.1.1_rc1.x
sourcefire / snort 2.1.0 2.1.0.x
sourcefire / snort 2.1.3 2.1.3.x