Bug ID 1793573

Bug Tracker
ID 1793573

Bug ID 1793573: Issue with relative matches in snort rules

Last Modified: Oct 15, 2025

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
17.1.2.1, 17.1.2.2, 17.1.3

Opened: Jan 29, 2025

Severity: 3-Major

Symptoms

False positive rule match. For example, false positive reports for php_php_parserr_dns_txt_heap_buffer_overflow_cve_2014_4049_1.

Impact

Signature reports false positive match.

Conditions

- Snort rule contains an overlapping relative match. - This applies to php_php_parserr_dns_txt_heap_buffer_overflow_cve_2014_4049_1. - May apply to other signatures.

Workaround

None

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips