Snort gets a buffer overflow vulnerability about once a year. An attacker would have to know you are running Snort, know its placement, create the attack, and somehow get it to your Snort sensor. A student of mine recommended a great strategy for my many honeypots (I run 8). In the past I used Wireshark to capture packets in real time. Instead, I use WinPcap and/or tcpdump to capture and analyze packets. Then, when I’m alerted to an attack, I use the captured packets (captured using port-mirroring Ethernet switches) to analyze the traffic.”
Source: https://www.csoonline.com/article/2633081/new-snort-overflow-exploit.html

