Description
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://suricata-ids.org/2016/09/07/suricata-3-1-2-released/
Third Party Advisory x_refsource_misc
https://redmine.openinfosecfoundation.org/issues/1880
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00019.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/kirillwow/ids_bypass
Scores
CVSS v3
5.3
EPSS
0.0039
EPSS Percentile
60.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (1)
suricata-ids/suricata
< 3.1.2
Published
Jul 23, 2018
Tracked Since
Feb 18, 2026