Project

General

Profile

Actions
Copy link

Bug #3853

closed
PA PA

Multi-byte Heap buffer over-read in ssl parser

Bug #3853: Multi-byte Heap buffer over-read in ssl parser

Added by Philippe Antoine over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
6.0.0
Affected Versions:
6.0.0beta1, 6.0.0rc1
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 4.1, Needs backport to 5.0

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24534

Problem is reuse of session_id_length in different contexts : SSLv2 and TLSv1.3

Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #3941: Multi-byte Heap buffer over-read in ssl parserClosedShivani BhardwajActions
Copied to Suricata - Bug #3942: Multi-byte Heap buffer over-read in ssl parserClosedJeff LucovskyActions

PA Updated by Philippe Antoine over 5 years ago Actions
Copy link
 #1

  • Status changed from Assigned to In Review

Gitlab MR

PA Updated by Philippe Antoine over 5 years ago Actions
Copy link
 #2

  • Target version set to 6.0.0rc1

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #3

  • Target version changed from 6.0.0rc1 to 6.0.0
  • Affected Versions 6.0.0rc1 added

JL Updated by Jeff Lucovsky over 5 years ago Actions
Copy link
 #4

  • Copied to Bug #3941: Multi-byte Heap buffer over-read in ssl parser added

JL Updated by Jeff Lucovsky over 5 years ago Actions
Copy link
 #5

  • Copied to Bug #3942: Multi-byte Heap buffer over-read in ssl parser added

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #6

  • Status changed from In Review to Closed

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #7

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom