Project

General

Profile

Actions
Copy link

Bug #3776

closed
PA PA

Timeout in libhtp due to multiple responses with double lzma encoding

Bug #3776: Timeout in libhtp due to multiple responses with double lzma encoding

Added by Philippe Antoine almost 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
6.0.0rc1
Affected Versions:
5.0.3
Effort:
Difficulty:
Label:

Description

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23285

24k responses for 465 kilobytes, making sure each response is under the thresholds for compression bombs

Related issues 1 (0 open1 closed)

Related to Suricata - Task #3824: libhtp 0.5.34ClosedPhilippe AntoineActions

PA Updated by Philippe Antoine almost 6 years ago Actions
Copy link
 #1

  • Private changed from No to Yes

PA Updated by Philippe Antoine almost 6 years ago Actions
Copy link
 #2

  • Status changed from New to In Review

Gitlab PR

PA Updated by Philippe Antoine almost 6 years ago Actions
Copy link
 #3

PA Updated by Philippe Antoine over 5 years ago Actions
Copy link
 #4

  • Target version set to 6.0.0rc1

PA Updated by Philippe Antoine over 5 years ago Actions
Copy link
 #5

  • Private changed from Yes to No

This issue involves an evil client and an evil server which repeat the same pattern, expensive in terms of CPU
The evil server sends a HTTP response with two layers of lzma compression

Workaround is to set lzma-enabled: false in suricata.yaml (lzma-enabled is commented by default)
Another workaround is to set response-body-decompress-layer-limit: 1 in suricata.yaml (default value is 2)

Actions
Copy link

Also available in: PDF Atom