Project

General

Profile

Actions

Security #5028

closed

smtp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input

Added by Shivani Bhardwaj almost 3 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
CVE:
Git IDs:

412b77cc8c970fedc3b13bb24ad4af88eb65a631

Severity:
MODERATE
Disclosure Date:

Description

The code we tend to execute is

SCReturnStruct(APP_LAYER_INCOMPLETE(state->consumed, state->input_len + 1));

indefinitely.


Related issues 1 (0 open1 closed)

Copied from Suricata - Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd inputClosedShivani BhardwajActions
Actions #1

Updated by Shivani Bhardwaj almost 3 years ago

  • Copied from Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input added
Actions #2

Updated by Shivani Bhardwaj almost 3 years ago

  • Assignee changed from Shivani Bhardwaj to Jeff Lucovsky

The fix will have to be backported from 6.0.x and not master

Actions #3

Updated by Jeff Lucovsky over 2 years ago

  • Status changed from Assigned to In Progress
Actions #4

Updated by Shivani Bhardwaj over 2 years ago

  • Status changed from In Progress to In Review
  • Assignee changed from Jeff Lucovsky to Shivani Bhardwaj
Actions #5

Updated by Victor Julien over 2 years ago

  • Status changed from In Review to Resolved

Fix staged.

Actions #6

Updated by Victor Julien over 2 years ago

  • Tracker changed from Bug to Security
  • Severity set to MODERATE
Actions #7

Updated by Jason Ish over 2 years ago

  • Status changed from Resolved to Closed
  • Git IDs updated (diff)
Actions #8

Updated by Victor Julien about 2 years ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF