Project

General

Profile

Actions

Bug #3853

closed

Multi-byte Heap buffer over-read in ssl parser

Added by Philippe Antoine over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 4.1, Needs backport to 5.0

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24534

Problem is reuse of session_id_length in different contexts : SSLv2 and TLSv1.3


Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #3941: Multi-byte Heap buffer over-read in ssl parserClosedShivani BhardwajActions
Copied to Suricata - Bug #3942: Multi-byte Heap buffer over-read in ssl parserClosedJeff LucovskyActions
Actions

Also available in: Atom PDF