ATTACK [PTsecurity] Buffer Overflow via Negative HTTP Chunk size number (FFMPEG CVE-2016-10190, WGET CVE-2017-13089, CVE-2017-13090)

SID: 10001108Rev: 28 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert http any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Buffer Overflow via Negative HTTP Chunk size number (FFMPEG CVE-2016-10190, WGET CVE-2017-13089, CVE-2017-13090)"; flow:established, from_server; content:"Transfer-Encoding"; nocase; http_header; content:"chunked"; http_header; nocase; distance:0; app-layer-event:http.invalid_response_chunk_len; pcre:"/^\s*-[0-9A-Fa-f]+/Qs"; reference:cve, 2016-10190; reference:cve, 2017-13089; reference:cve, 2017-13090; reference:url, trac.ffmpeg.org/ticket/5992; reference:url, bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-13089; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001108; rev:2;)

References

cve	2016-10190
cve	2017-13089
cve	2017-13090
url	trac.ffmpeg.org/ticket/5992
url	bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-13089
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!