Project

General

Profile

Actions

Bug #3668

closed

Signature with an IP range creates one IPOnlyCIDRItem by IP address

Added by Jeff Lucovsky over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Found by fuzzing https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21817

For example, when we want the range 41.232.107.2-43.252.37.6, it creates millions of IPOnlyCIDRItem because it gives them all a netmask of 32

Solution is to extend the net mask so that it uses

41.232.107.3/32
41.232.107.4/30
41.232.107.8/29
41.232.107.16/28
41.232.107.32/27
41.232.107.64/26
41.232.107.128/25
41.232.108.0/22
41.232.112.0/20
41.232.128.0/17
41.233.0.0/16
41.234.0.0/15
41.236.0.0/14
41.240.0.0/12
42.0.0.0/8
43.0.0.0/9
43.128.0.0/10
43.192.0.0/11
43.224.0.0/12
43.240.0.0/13
43.248.0.0/14
43.252.0.0/19
43.252.32.0/22
43.252.36.0/24
43.252.37.0/30
43.252.37.4/31
43.252.37.6/32


Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #3662: Signature with an IP range creates one IPOnlyCIDRItem by IP addressClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF