Home

Description

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer use-after-free read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful exploit could allow the attacker to unexpectedly restart the Snort 3 Detection Engine, which could cause a denial of service (DoS).

PUBLISHED Reserved 2025-10-08 | Published 2026-01-07 | Updated 2026-02-12 | Assigner cisco




MEDIUM: 5.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Problem types

Double Free

Product status

Default status
unknown

7.0.0
affected

7.0.0.1
affected

7.0.1
affected

7.1.0
affected

7.0.1.1
affected

7.1.0.1
affected

7.0.2
affected

7.2.0
affected

7.0.2.1
affected

7.0.3
affected

7.1.0.2
affected

7.2.0.1
affected

7.0.4
affected

7.2.1
affected

7.0.5
affected

7.3.0
affected

7.2.2
affected

7.2.3
affected

7.3.1
affected

7.1.0.3
affected

7.2.4
affected

7.0.6
affected

7.2.5
affected

7.2.4.1
affected

7.3.1.1
affected

7.4.0
affected

7.0.6.1
affected

7.2.5.1
affected

7.4.1
affected

7.2.6
affected

7.0.6.2
affected

7.4.1.1
affected

7.2.7
affected

7.2.5.2
affected

7.3.1.2
affected

7.2.8
affected

7.6.0
affected

7.4.2
affected

7.2.8.1
affected

7.0.6.3
affected

7.4.2.1
affected

7.2.9
affected

7.0.7
affected

7.7.0
affected

7.4.2.2
affected

7.2.10
affected

7.6.1
affected

7.4.2.3
affected

7.0.8
affected

7.6.2
affected

7.7.10
affected

7.0.8.1
affected

7.6.2.1
affected

7.7.10.1
affected

7.4.2.4
affected

7.2.10.2
affected

7.4.3
affected

Default status
unknown

3.17.1S
affected

16.12.3
affected

Fuji-16.9.5
affected

16.12.4
affected

17.3.1a
affected

16.6.6
affected

16.12.2
affected

Fuji-16.9.6
affected

3.17.0S
affected

Fuji-16.9.3
affected

Denali-16.3.7
affected

Fuji-16.9.2
affected

Fuji-16.9.4
affected

Everest-16.6.4
affected

Everest-16.6.3
affected

16.6.5
affected

Denali-16.3.5
affected

17.2.1r
affected

17.1.1
affected

Everest-16.6.2
affected

16.6.7a
affected

Denali-16.3.4
affected

16.6.1
affected

Denali-16.3.9
affected

Denali-16.3.3
affected

16.12.1a
affected

17.3.2
affected

17.4.1a
affected

16.12.5
affected

17.5.1
affected

Fuji-16.9.7
affected

16.6.9
affected

17.3.3
affected

17.5.1a
affected

17.3.4
affected

17.3.4a
affected

17.4.2
affected

17.4.1b
affected

17.6.1a
affected

16.6.10
affected

17.7.1a
affected

16.12.6
affected

Fuji-16.9.8
affected

17.6.2
affected

17.8.1a
affected

16.12.7
affected

17.3.5
affected

17.6.3
affected

17.6.3a
affected

17.7.2
affected

17.9.1a
affected

17.6.4
affected

17.10.1a
affected

17.3.6
affected

16.12.8
affected

17.3.7
affected

17.9.2a
affected

17.6.5
affected

17.11.1a
affected

17.9.3a
affected

17.12.1a
affected

17.9.4
affected

17.6.6
affected

17.3.8
affected

17.3.8a
affected

17.6.6a
affected

17.9.4a
affected

17.12.2
affected

17.13.1a
affected

17.9.5a
affected

17.12.3
affected

17.6.7
affected

17.14.1a
affected

17.12.4
affected

17.12.3a
affected

17.15.1a
affected

17.6.8
affected

17.9.6
affected

17.6.8a
affected

17.16.1a
affected

17.9.5e
affected

17.12.4a
affected

17.15.2c
affected

17.9.5f
affected

17.12.4b
affected

17.15.2a
affected

17.12.5
affected

17.17.1
affected

17.12.5a
affected

17.9.7a
affected

17.15.3a
affected

17.15.3
affected

17.12.5b
affected

17.12.5c
affected

17.15.4
affected

17.9.7b
affected

17.18.1
affected

17.18.1a
affected

17.12.6
affected

17.9.8
affected

17.15.4c
affected

17.12.5d
affected

17.18.2
affected

References

sec.cloudapps.cisco.com/...o-sa-snort3-dcerpc-vulns-J9HNF4tH (cisco-sa-snort3-dcerpc-vulns-J9HNF4tH)

cve.org (CVE-2026-20026)

nvd.nist.gov (CVE-2026-20026)

Download JSON