
Addressed Snort flaw could prompt DoS

The Hacker News reports that cybercriminals could exploit an already addressed security flaw in the Snort intrusion detection and prevention system to prompt a denial-of-service condition. Found within the Snort detection engine's Modbus preprocessor, the vulnerability, tracked as CVE-2022-20685, affects Snort project version 3.1.11.0, as well as releases prior to 2.9.19, and involves an integer-overflow issue that could trigger an "infinite loop," according to Claroty security researcher Uri Katz. Cisco, which maintains the Snort system, noted in its January advisory that successful abuse of the security bug could interrupt the Snort process and stop traffic inspections. "Successful exploits of vulnerabilities in network analysis tools such as Snort can have devastating impacts on enterprise and OT networks. Network analysis tools are an under-researched area that deserves more analysis and attention, especially as OT networks are increasingly being centrally managed by IT network analysts familiar with Snort and other similar tools," Katz added.
