#VU117301 Buffer under-read in Snort - CVE-2025-20359

Cybersecurity Help s.r.o.

Published: 2025-10-15

Vulnerability identifier: #VU117301

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-20359

CWE-ID: CWE-127

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Snort
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Sourcefire

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the HTTP decoder when handling MIME fields. A remote attacker can send specially crafted HTTP packets through the channel that is monitored by the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Snort: 3.1.0.0 - 3.9.3.0

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Cisco Cyber Vision update for Snort

Cisco Adaptive Security Appliance update for Snort

Cisco Secure Firewall Management Center update for Snort

Cisco Secure Firewall Threat Defense update for Snort

Buffer under-read in Snort HTTP decoder