Candidate: CVE-2017-15377
PublicDate: 2017-10-23 08:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15377
 https://redmine.openinfosecfoundation.org/issues/2231
Description:
 In Suricata before 4.x, it was possible to trigger lots of redundant checks
 on the content of crafted network traffic with a certain signature, because
 of DetectEngineContentInspection in detect-engine-content-inspection.c. The
 search engine doesn't stop when it should after no match is found; instead,
 it stops only upon reaching inspection-recursion-limit (3000 by default).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_suricata:
 other: https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57
upstream_suricata: released (1:4.0.5-1)
precise/esm_suricata: DNE
trusty_suricata: ignored (reached end-of-life)
trusty/esm_suricata: DNE (trusty was needed)
xenial_suricata: ignored (end of standard support, was needed)
zesty_suricata: ignored (reached end-of-life)
artful_suricata: ignored (reached end-of-life)
bionic_suricata: needed
cosmic_suricata: ignored (reached end-of-life)
disco_suricata: ignored (reached end-of-life)
eoan_suricata: ignored (reached end-of-life)
focal_suricata: DNE
groovy_suricata: DNE
hirsute_suricata: DNE
impish_suricata: DNE
jammy_suricata: not-affected (1:4.0.5-1)
devel_suricata: not-affected (1:4.0.5-1)