Bug #3593: Stack overflow when parsing ERF file - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3593

closed

Stack overflow when parsing ERF file

Added by Fakhri Zulkifli over 4 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

6.0.0beta1

Affected Versions:

6.0.0beta1

Effort:

Difficulty:

low

Label:

Description

Despite the low possibility of potential threat. The unchecked rlen in ReadErfRecord function will cause a stack overflow when the value assigned is below sizeof(DagRecord).

    int rlen = SCNtohs(dr.rlen);
    int wlen = SCNtohs(dr.wlen);
    r = fread(GET_PKT_DATA(p), rlen - sizeof(DagRecord), 1, etv->erf);
    if (r < 1) {

Files

poc.erf (4 KB) poc.erf

Fakhri Zulkifli, 04/03/2020 10:39 AM

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3593

Stack overflow when parsing ERF file

Updated by Jason Ish over 4 years ago

Updated by Jason Ish over 4 years ago

Updated by Jason Ish over 4 years ago