Project

General

Profile

Actions
Copy link

Security #5686

closed

decoder/tunnel: tunnel depth not limited properly

Added by Victor Julien over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
7.0.0-rc1
Affected Versions:
Label:
CVE:
Git IDs:

03d049dadce71b5e751dddd3bfddd3a2ccf7a21d

Severity:
HIGH
Disclosure Date:

Description

Stacking many layers of IPv4 in IPv4, IPv6 over IPv4, etc results in severe performance degradation, possibly other problems.

Some of these layers will get their own flow tracking, so a single packet might create many flows, each leading to locking overhead, timeout handling, eve.flow records, etc.

Subtasks 1 (0 open1 closed)

Security #5688: decoder/tunnel: tunnel depth not limited properly (6.0.x backport)ClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien over 1 year ago

  • Subtask #5688 added
Actions
Copy link
 #2

Updated by Victor Julien over 1 year ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #3

Updated by Victor Julien over 1 year ago

  • Status changed from In Progress to In Review
Actions
Copy link
 #4

Updated by Victor Julien over 1 year ago

  • Status changed from In Review to Closed
  • Git IDs updated (diff)
Actions
Copy link
 #5

Updated by Victor Julien about 1 year ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF