Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input - Suricata - Open Information Security Foundation

Actions

Copy link

Security #5023

closed

smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input

Added by Shivani Bhardwaj over 2 years ago. Updated over 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

7.0.0-beta1

Affected Versions:

Label:

CVE:

Git IDs:

57a7cf7a0bcc9140a326c91a21e5d21fd2236f49
078c251deacc78b8abb40c5ab89d19c29e31bdf8
cf749fd450ca41dc001c2a1c10d8d17500dcedce
6e800a8548d9d2699589cac6afca3c0fa7613202
e7417a8e96fcd23fa9e3b529d7c2bbd7b3efb928

Severity:

HIGH

Disclosure Date:

Description

The code we tend to execute is

SCReturnStruct(APP_LAYER_INCOMPLETE(state->consumed, state->input_len + 1));

indefinitely.

Related issues 2 (0 open — 2 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #5023

smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input

Updated by Shivani Bhardwaj over 2 years ago

Updated by Shivani Bhardwaj over 2 years ago

Updated by Shivani Bhardwaj over 2 years ago

Updated by Victor Julien about 2 years ago

Updated by Shivani Bhardwaj about 2 years ago

Updated by Victor Julien about 2 years ago

Updated by Victor Julien over 1 year ago