preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Snort | Snort | * | 2.8.0 (including) |