ID: RBSA-2016-001
Name: Vulnerability in Snort related to file inspection
Date: 03/30/2016
CVE names: CVE-2016-1345
Status: Solved by vendor


A ‘Improper Input Validation’ vulnerability has been discovered in the Snort file inspection features. The vulnerability, which has been identified as CVE-2016-1345, has a high level impact according to the CVSS v3 Base Score.


Snort versions prior to which use the file inspection features are affected and exposed to this risk. These features were introduced in Snort v2.9.6.0 to help to deter malware propagation.

The vulnerability has been classified as ‘Improper Input Validation’ (CWE-20), which means that the program could not be able to validate some improper inputs correctly. Specifically, Snort risks to make an incorrect data validation of HTTP Headers, thereby an attacker could send a crafted HTTP request for the purpose of avoiding the file detection and therefore being able to spread malware.

Snort versions from to are in risk only in the case of file inspection features are enabled, therefore redborder IPS is not affected by this vulnerability.

Affected systems

Snort versions from to inclusive with file inspection features enabled.


There is no workaround available.


For Snort installations with file inspection features enabled, upgrade to Snort v2.9.8.2. For redborder IPS installations no action is needed.


Cisco -
CVE-2016-1345 -


The redBorder CSIRT Group:

Have more questions? Submit a request


Powered by Zendesk