Project

General

Profile

Actions

Security #5023

closed

smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input

Added by Shivani Bhardwaj almost 3 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
CVE:
Git IDs:

57a7cf7a0bcc9140a326c91a21e5d21fd2236f49
078c251deacc78b8abb40c5ab89d19c29e31bdf8
cf749fd450ca41dc001c2a1c10d8d17500dcedce
6e800a8548d9d2699589cac6afca3c0fa7613202
e7417a8e96fcd23fa9e3b529d7c2bbd7b3efb928

Severity:
HIGH
Disclosure Date:

Description

The code we tend to execute is

SCReturnStruct(APP_LAYER_INCOMPLETE(state->consumed, state->input_len + 1));

indefinitely.


Related issues 2 (0 open2 closed)

Copied to Suricata - Security #5027: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd inputClosedShivani BhardwajActions
Copied to Suricata - Security #5028: smtp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd inputClosedShivani BhardwajActions
Actions

Also available in: Atom PDF