CVE-2009-3641

Snort < 2.8.5.1 - Denial of Service via Crafted IPv6 Packet

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3641. PoCs published by laurent gaffie.

AI-analyzed exploit summary The exploit demonstrates a remote DoS vulnerability in Snort <= 2.8.5 when parsing specially crafted IPv6 packets. It includes two Python scripts using Scapy to trigger crashes via malformed TCP or ICMPv6 packets.

Description

Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.

Exploits (2)

exploitdb WORKING POC VERIFIED

by laurent gaffie · textdosmultiple

https://www.exploit-db.com/exploits/9969

View Code ZIP pw:eip

The exploit demonstrates a remote DoS vulnerability in Snort <= 2.8.5 when parsing specially crafted IPv6 packets. It includes two Python scripts using Scapy to trigger crashes via malformed TCP or ICMPv6 packets.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Snort <= 2.8.5

No auth needed

Prerequisites: Snort compiled with --enable-ipv6 · Snort running in verbose mode (-v) · Network access to target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by laurent gaffie · textdoslinux

https://www.exploit-db.com/exploits/33306

View Code ZIP pw:eip

The exploit demonstrates two denial-of-service vulnerabilities in Snort 2.8.5 by sending malformed IPv6 packets using Scapy. The first PoC targets x86 systems with a crafted TCP payload, while the second affects both x86 and x64 systems via an ICMPv6 packet with an oversized payload.