Intrusion Prevention

SNIProxy.new_address.Stack.Buffer.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in SNIProxy.
The vulnerability is due to lack of proper validation of the length of the Host header or SNI data prior to copying it to a fixed-length stack buffer. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP or TLS packet to the vulnerable server. Successful exploitation could result in execution of arbitrary code in the security context of the vulnerable service.

Affected Products

SNIProxy prior to 0.6.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2023-08-10	25.619	Modified	Default_action:pass:drop
2023-06-19	24.582	New

ID	53274
Created	Jun 12, 2023
Updated	Aug 09, 2023
CVE ID
Risk
Exploit Prediction Score	35.52%
Default Action	drop
Active
Affected OS	Linux, MacOS
Affected App	Other
Profile Type	Buffer Errors

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

SNIProxy.new_address.Stack.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

SNIProxy.new_address.Stack.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center