[原文]The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
Snort contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted packet is sent and Snort is configured for FAST output, and will result in loss of availability for the service.
Upgrade to version 2.3.0-RC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.