Actions
Bug #1238
closedPossible evasion in stream-tcp-reassemble.c
Affected Versions:
Effort:
Difficulty:
Label:
Description
Hello,
A possible evasion exist in Suricata.
The client can send a fake ACK whith a very low window size, to flag the stream as STREAMTCP_STREAM_FLAG_GAP.
This will be more clear with the PoC in attachement.
Files
Updated by Victor Julien over 10 years ago
Thanks for your report. I have a patch here: https://github.com/inliniac/suricata/pull/1039, care to test it?
Updated by Victor Julien over 10 years ago
- Status changed from New to Closed
- Assignee set to Victor Julien
- Target version set to 2.0.3
- % Done changed from 0 to 100
Actions