Cisco Products Snort 3 HTTP MIME Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in multiple Cisco products that use Snort 3 as their HTTP decoder. This vulnerability allows an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, leading to a temporary disruption of service. The issue arises from insufficient error checking when parsing the MIME fields of HTTP headers. An attacker could exploit this by sending crafted HTTP packets through an established connection, causing the Snort 3 Detection Engine to restart unexpectedly.

Impact

Exploitation of this vulnerability causes the Snort 3 Detection Engine to restart unexpectedly, creating a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. For information about fixed releases, consult the Cisco Security Advisory or use the Cisco Software Checker tool. Cisco Meraki plans to release fixes in February 2026.

Added: Oct 15, 2025, 5:26 PM
Updated: Oct 15, 2025, 5:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.