Actions
Bug #3776
closedTimeout in libhtp due to multiple responses with double lzma encoding
Affected Versions:
Effort:
Difficulty:
Label:
Description
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23285
24k responses for 465 kilobytes, making sure each response is under the thresholds for compression bombs
Updated by Philippe Antoine over 4 years ago
- Related to Task #3824: libhtp 0.5.34 added
Updated by Philippe Antoine over 4 years ago
- Private changed from Yes to No
This issue involves an evil client and an evil server which repeat the same pattern, expensive in terms of CPU
The evil server sends a HTTP response with two layers of lzma compression
Workaround is to set lzma-enabled: false
in suricata.yaml (lzma-enabled is commented by default)
Another workaround is to set response-body-decompress-layer-limit: 1
in suricata.yaml (default value is 2)
Updated by Philippe Antoine over 4 years ago
- Status changed from In Review to Closed
Actions