Project

General

Profile

Actions
Copy link

Security #4420

closed
JL JI

Heap-use-after-free READ 8 · JsonDNP3LoggerToClient

Security #4420: Heap-use-after-free READ 8 · JsonDNP3LoggerToClient

Added by Jeff Lucovsky about 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
6.0.3
Affected Versions:
6.0.2
Label:
CVE:
Git IDs:
Severity:
Disclosure Date:

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31549

Use after realloc
DNP3 seems the only one to use OutputJsonBuilderBuffer dangerously

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4387: Heap-use-after-free READ 8 · JsonDNP3LoggerToClientClosedPhilippe AntoineActions

JL Updated by Jeff Lucovsky about 5 years ago Actions
Copy link
 #1

  • Copied from Bug #4387: Heap-use-after-free READ 8 · JsonDNP3LoggerToClient added

JI Updated by Jason Ish almost 5 years ago Actions
Copy link
 #2

The commit's to master are not applicable to 6.0 as master was fixed due to some other refactoring. For 6.0.x we can use Philippe's original fix for this issue:

https://gitlab.oisf.net/dev/suricata/-/merge_requests/184/diffs?commit_id=29337c81b072e8c6e23c4926e2d819eeb75ceb32

JI Updated by Jason Ish almost 5 years ago Actions
Copy link
 #4

  • Status changed from Assigned to In Review

SB Updated by Shivani Bhardwaj almost 5 years ago Actions
Copy link
 #5

  • Assignee changed from Shivani Bhardwaj to Jason Ish

VJ Updated by Victor Julien almost 5 years ago Actions
Copy link
 #6

  • Tracker changed from Bug to Security

VJ Updated by Victor Julien almost 5 years ago Actions
Copy link
 #7

  • Status changed from In Review to Closed

VJ Updated by Victor Julien over 4 years ago Actions
Copy link
 #8

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom