Project

General

Profile

Actions

Bug #4288

closed

Mismatch between capture and outputs in rules leads to seg fault

Added by Jeff Lucovsky almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
low
Label:

Description

Parsing bug: Given 2 or more outputs for one capture in the regex, there will be a segmentation fault.

For example,

alert tcp any any -> any any (msg:"get username in nntp"; \

content:"USER"; \
pcre: "/AUTHINFO USER\r\n/i, pkt:nntp_username, pkt:nntp_password";\
sid:2000020;\
gid:100;)

Files

bug2.png (34.5 KB) bug2.png Shawn Yao, 01/12/2021 05:18 AM
bug1.png (41.2 KB) bug1.png Shawn Yao, 01/12/2021 05:18 AM

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4261: Mismatch between capture and outputs in rules leads to seg faultClosedJeff LucovskyActions
Actions

Also available in: Atom PDF