CVE-2007-0251

Publication date 16 January 2007

Last updated 24 July 2024

Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
snort	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

according to http://www.securityfocus.com/bid/22004/solution, Version 1.131 of ‘src/decode.c’, as of January 10, 2007 in the Snort CVS repository, contains a fix to address this issue.

fujitsu

we never had the vulnerable release.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-0251