cvedb.io
CVE-2015-8954
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-03-20T16:59:01.407 · Last modified 2026-06-17T00:35:33.470

Summary

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.

Affected products

openinfosecfoundation — suricata

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.