Actions
Bug #2288
closed
EF
VJ
Suricata segfaults on ICMP and flowint check
Bug #2288:
Suricata segfaults on ICMP and flowint check
Affected Versions:
Effort:
Difficulty:
Label:
Description
Using only this rule on Suricata v3.2.3, v4.0.0 and v4.0.1 :
alert icmp any any -> any any (msg:"Dump Core!"; flowint:segfault,isset; classtype:trojan-activity; sid:31337; rev:1337;)
Parsing a pcap with icmp traffic makes suricata segfault:
suricata: line 10: 28912 Segmentation fault (core dumped) $BIN $OPTS -c $CONF -r $1
Compiled:
$ ./configure --prefix=/somepath/ --enable-profiling --enable-lua
Running:
$ ./path/to/suricata -c suricata.yaml -r icmp.pcap
Actions