Project

General

Profile

Actions

Bug #3840

closed

Integer overflow in DetectContentPropagateLimits leading to unintended signature behavior

Added by Philippe Antoine over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 4.1, Needs backport to 5.0

Description

Found by oss-fuzz :
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24105

Reproducer is
alert tcp any any -> any any (msg:"JllWorkAndNoPlay"; content:"threshoBoy"; content:"æ†≤<MrkBoyy"; distance:2147483647“id:0;)

distance:2147483647 is 0x7FFFFFFF aka INT32_MAX

This distance is used to compute a new offset but offset is uint16_t


Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #3936: Integer overflow in DetectContentPropagateLimits leading to unintended signature behaviorClosedShivani BhardwajActions
Copied to Suricata - Bug #3937: Integer overflow in DetectContentPropagateLimits leading to unintended signature behaviorClosedJeff LucovskyActions
Actions #1

Updated by Philippe Antoine over 4 years ago

  • Status changed from New to In Review
  • Assignee set to Philippe Antoine

Gitlab PR

Actions #2

Updated by Victor Julien over 4 years ago

  • Status changed from In Review to Closed
  • Private changed from Yes to No
Actions #3

Updated by Philippe Antoine over 4 years ago

  • Status changed from Closed to In Review
Actions #5

Updated by Jeff Lucovsky over 4 years ago

  • Copied to Bug #3936: Integer overflow in DetectContentPropagateLimits leading to unintended signature behavior added
Actions #6

Updated by Jeff Lucovsky over 4 years ago

  • Copied to Bug #3937: Integer overflow in DetectContentPropagateLimits leading to unintended signature behavior added
Actions

Also available in: Atom PDF