Actions
Security #4486
closed
JL
JL
Security #4485: heap-buffer-overflow WRITE in InspectionBufferSetup with use of InspectionBufferGetMulti
Infinite loops in when using InspectionBufferMultipleForList
Security #4486:
Infinite loops in when using InspectionBufferMultipleForList
Git IDs:
fdc93130aaf9f4b97ad4ffa305f20d7b0b8be589
Severity:
MODERATE
Disclosure Date:
Description
From https://github.com/OISF/suricata/pull/5622#discussion_r626686822
POC is in #4476 once the buffer overflow gets fixed
Root cause is integer loss of precision casting local_id to uint16_t when there can more than 65536 buffers in a transaction
This may be not the case for dns.query as the maximum PDU length is 65536
But this is definitely the case for MQTT (subscribe topics) where Suricata default maximum PDU is 1Mbyte
JL Updated by Jeff Lucovsky almost 5 years ago
- Copied from Bug #4477: Infinite loops in when using InspectionBufferMultipleForList added
PA Updated by Philippe Antoine almost 5 years ago
- Assignee changed from Philippe Antoine to Jeff Lucovsky
- Target version changed from 7.0.0-beta1 to 5.0.6
JL Updated by Jeff Lucovsky almost 5 years ago
- Target version changed from 5.0.6 to 5.0.7
JL Updated by Jeff Lucovsky almost 5 years ago
- Status changed from New to In Progress
Cherry-pick(s):
- 31312a918acba597042bdc76701373bc7957b403
JL Updated by Jeff Lucovsky almost 5 years ago
- Status changed from In Progress to In Review
VJ Updated by Victor Julien almost 5 years ago
- Tracker changed from Bug to Security
- Severity set to MODERATE
VJ Updated by Victor Julien almost 5 years ago
- Status changed from In Review to Closed
- Affected Versions 5.0.6 added
- Affected Versions deleted (
6.0.2)
VJ Updated by Victor Julien almost 5 years ago
- Git IDs updated (diff)
VJ Updated by Victor Julien over 4 years ago
- Private changed from Yes to No
Actions