Cisco Snort 3 Detection Engine: VBA Decompression DoS via Improper Error Checking
CVE-2026-20058 Published on March 4, 2026
Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Denial of Service Vulnerability
Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.
These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit these vulnerabilities by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart, causing a DoS condition.
Vulnerability Analysis
CVE-2026-20058 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Access of Memory Location Before Start of Buffer
The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
Affected Versions
Cisco Secure Firewall Threat Defense (FTD) Software:- Version 7.2.0 is affected.
- Version 7.2.0.1 is affected.
- Version 7.2.1 is affected.
- Version 7.3.0 is affected.
- Version 7.2.2 is affected.
- Version 7.2.3 is affected.
- Version 7.3.1 is affected.
- Version 7.2.4 is affected.
- Version 7.2.5 is affected.
- Version 7.2.4.1 is affected.
- Version 7.3.1.1 is affected.
- Version 7.4.0 is affected.
- Version 7.2.5.1 is affected.
- Version 7.4.1 is affected.
- Version 7.2.6 is affected.
- Version 7.4.1.1 is affected.
- Version 7.2.7 is affected.
- Version 7.2.5.2 is affected.
- Version 7.3.1.2 is affected.
- Version 7.2.8 is affected.
- Version 7.6.0 is affected.
- Version 7.4.2 is affected.
- Version 7.2.8.1 is affected.
- Version 7.4.2.1 is affected.
- Version 7.2.9 is affected.
- Version 7.7.0 is affected.
- Version 7.4.2.2 is affected.
- Version 7.2.10 is affected.
- Version 7.6.1 is affected.
- Version 7.4.2.3 is affected.
- Version 7.6.2 is affected.
- Version 7.7.10 is affected.
- Version 7.6.2.1 is affected.
- Version 7.7.10.1 is affected.
- Version 7.4.2.4 is affected.
- Version 7.2.10.2 is affected.
- Version 7.4.3 is affected.
- Version 17.9.3a is affected.
- Version 17.12.1a is affected.
- Version 17.12.2 is affected.
- Version 17.13.1a is affected.
- Version 17.9.5a is affected.
- Version 17.12.3 is affected.
- Version 17.14.1a is affected.
- Version 17.12.4 is affected.
- Version 17.12.3a is affected.
- Version 17.15.1a is affected.
- Version 17.9.6 is affected.
- Version 17.16.1a is affected.
- Version 17.12.4a is affected.
- Version 17.15.2c is affected.
- Version 17.12.4b is affected.
- Version 17.15.2a is affected.
- Version 17.12.5 is affected.
- Version 17.17.1 is affected.
- Version 17.12.5a is affected.
- Version 17.15.3a is affected.
- Version 17.15.3 is affected.
- Version 17.12.5b is affected.
- Version 17.12.5c is affected.
- Version 17.15.4 is affected.
- Version 17.18.1 is affected.
- Version 17.18.1a is affected.
- Version 17.12.6 is affected.
- Version 17.15.4c is affected.
- Version 17.12.5d is affected.
- Version 17.18.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.