Actions
Bug #3840
closedInteger overflow in DetectContentPropagateLimits leading to unintended signature behavior
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 4.1, Needs backport to 5.0
Description
Found by oss-fuzz :
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24105
Reproducer isalert tcp any any -> any any (msg:"JllWorkAndNoPlay"; content:"threshoBoy"; content:"æ†≤<MrkBoyy"; distance:2147483647“id:0;)
distance:2147483647 is 0x7FFFFFFF aka INT32_MAX
This distance is used to compute a new offset but offset is uint16_t
Updated by Philippe Antoine over 4 years ago
- Status changed from New to In Review
- Assignee set to Philippe Antoine
Gitlab PR
Updated by Victor Julien over 4 years ago
- Status changed from In Review to Closed
- Private changed from Yes to No
Updated by Philippe Antoine over 4 years ago
- Status changed from Closed to In Review
Merged commit https://github.com/OISF/suricata/pull/5242/commits/a99ad4c1e4251c8a4a667d613ccb1fb334a9b268 only fixes a subset of the problem
Updated by Victor Julien over 4 years ago
- Status changed from In Review to Closed
Updated by Jeff Lucovsky about 4 years ago
- Copied to Bug #3936: Integer overflow in DetectContentPropagateLimits leading to unintended signature behavior added
Updated by Jeff Lucovsky about 4 years ago
- Copied to Bug #3937: Integer overflow in DetectContentPropagateLimits leading to unintended signature behavior added
Updated by Jeff Lucovsky about 4 years ago
This commit also needed in backports https://github.com/OISF/suricata/commit/a99ad4c1e4251c8a4a667d613ccb1fb334a9b268
Actions