Project

General

Profile

Actions

Bug #4530

closed

DOS Quadratic complexity when having too many transactions

Added by Philippe Antoine over 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Kind of found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35195

This is true for protocols such as MQTT, Modbus or HTTP2, where each packet/PDU has a transaction identifier (called stream for HTTP2), and we loop over our whole list of transactions to find the right one.
Attack si to start many requests, and do not finish them, so that Suricata keeps them.

There may be more protocols


Related issues 2 (0 open2 closed)

Related to Suricata - Task #4721: http2: enable by defaultClosedPhilippe AntoineActions
Related to Suricata - Security #5399: mqtt: DOS by quadratic with too many transactions in one parseClosedOISF DevActions
Actions

Also available in: Atom PDF