Snort Denial of Service Vulnerability CVE-2022-20685

RE: Snort Denial of Service Vulnerability CVE-2022-20685

SG-1 — Thu, 28 Apr 2022 14:05:06 GMT

Thank you! Publicly here in the Sophos Community the info should be useful for the time being.

RE: Snort Denial of Service Vulnerability CVE-2022-20685

RichBaldry — Thu, 28 Apr 2022 13:12:07 GMT

Yes this is on our radar and we are working on a patch for the current snort engine. In the meantime, the risk of this being used by an external attacker is virtually eliminated by blocking inbound TCP connections on TCP port 502.

RE: Snort Denial of Service Vulnerability CVE-2022-20685

LuCar Toni — Thu, 28 Apr 2022 11:56:40 GMT

You should create a Support Case to get this answer.

RE: Snort Denial of Service Vulnerability CVE-2022-20685

SG-1 — Thu, 28 Apr 2022 08:55:46 GMT

Thanks for the info! Unfortunately the Snort site doesn't have details on the two IDs. I'm afraid that the Snort software itself needs to be updated by/on Sophos though. I currently see Snort Version 2.9.17.1 on a 9.710-1 Sophos UTM. I found this interesting link which states that the Snort engine can be delivered by Sophos via the pattern updates. That's why I tried to ask RichBaldry here.

RE: Snort Denial of Service Vulnerability CVE-2022-20685

Amodin — Thu, 28 Apr 2022 01:49:47 GMT

Well I tried to reply to this topic, but my reply was actually being moderated and labeled as 'spam'.

At any rate, let's see if this works - IPS rules has two listings for it. Astaro IPS Rules

RE: Snort Denial of Service Vulnerability CVE-2022-20685

Amodin — Thu, 28 Apr 2022 01:46:35 GMT

Under 58906, 58907 on the ID.

Astaro IPS Rules