PT-2017-3436 · Open Information Security Foundation · Suricata

Ajaxtpm +1 · Published 2017-10-13 · Updated 2020-10-27 · CVE-2017-15377

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Suricata versions prior to 4.x

Description

The issue is related to the DetectEngineContentInspection component in Suricata, which can be triggered by crafted network traffic with a certain signature. This causes the search engine to perform redundant checks on the content, leading to potential denial of service. The search engine fails to stop when it should after no match is found, instead stopping only upon reaching the inspection-recursion-limit, which is 3000 by default. An attacker could exploit this to cause a denial of service using specially crafted network traffic, resulting in excessive checks.

Recommendations

For Suricata versions prior to 4.x, consider updating to version 4.x or later to resolve the issue. As a temporary workaround, consider adjusting the inspection-recursion-limit to a lower value to minimize the risk of exploitation. Restrict access to the DetectEngineContentInspection component to minimize the risk of denial of service attacks.
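A small audit helper for the recommendations above, added here as an example (it is not code from this advisory or from the Suricata project). It assumes the `suricata -V` banner contains "Suricata version X.Y", uses a hypothetical threshold `MAX_LIMIT` for what counts as a lowered value, and runs on constructed configuration snippets.

```python
import re

DEFAULT_LIMIT = 3000  # default stated in the advisory
MAX_LIMIT = 500       # hypothetical site threshold for a "lowered" value

# Matches "inspection-recursion-limit: N" as a mapping key or a "- key: N"
# list item; commented-out lines do not match.
_LIMIT_RE = re.compile(
    r"^[ \t]*(?:-[ \t]*)?inspection-recursion-limit[ \t]*:[ \t]*(\d+)[ \t]*(?:#.*)?$",
    re.MULTILINE)
_VERSION_RE = re.compile(r"Suricata version (\d+)\.")


def is_affected(banner):
    """True when the major version is below 4 (the advisory's affected range)."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("unrecognised version banner: %r" % banner)
    return int(m.group(1)) < 4


def effective_limit(yaml_text):
    """Configured limit, or the default when the key is absent or commented out."""
    m = _LIMIT_RE.search(yaml_text)
    return int(m.group(1)) if m else DEFAULT_LIMIT


def assess(banner, yaml_text, max_limit=MAX_LIMIT):
    """Return (status, limit) for one sensor."""
    if not is_affected(banner):
        return ("fixed-version", None)
    limit = effective_limit(yaml_text)
    # Assumption: 0 is treated as providing no effective cap, so it is flagged.
    if limit == 0 or limit > max_limit:
        return ("affected-unmitigated", limit)
    return ("affected-workaround", limit)


# Constructed sample inputs (not taken from a real sensor).
SAMPLE_DEFAULT = "detect-engine:\n  - profile: medium\n  - inspection-recursion-limit: 3000\n"
SAMPLE_LOWERED = "detect-engine:\n  - inspection-recursion-limit: 200  # lowered\n"
SAMPLE_COMMENTED = "detect-engine:\n  # - inspection-recursion-limit: 200\n"

if __name__ == "__main__":
    old = "This is Suricata version 3.2.1 RELEASE"
    for cfg in (SAMPLE_DEFAULT, SAMPLE_LOWERED, SAMPLE_COMMENTED):
        print(assess(old, cfg))
```

A sensor reported as `affected-workaround` still needs the upgrade; the lowered limit only bounds the redundant checks.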

Fix


Weakness Enumeration

Related Identifiers

BDU:2018-00261
CVE-2017-15377
DLA-1603-1

Affected Products

Suricata