Security #5926
closedhttp2: evasion by splitting header fields over frames
Added by Philippe Antoine about 3 years ago. Updated about 2 years ago.
aff54f29f8c3f583ae0524a661aa90dc7a2d3f92
Description
Beginning in a headers frame, and continuing in so-called continuation frames, with reassembly needed to be done...
Then, we need to avoid quadratic complexity of Huffman decoding as golang CVE 2023-1571
Files
PA Updated by Philippe Antoine almost 3 years ago Actions #1
- Target version changed from TBD to 8.0.0-beta1
PA Updated by Philippe Antoine over 2 years ago Actions #2
- Priority changed from Normal to Low
PA Updated by Philippe Antoine over 2 years ago Actions #3
PA Updated by Philippe Antoine about 2 years ago Actions #4
- Tracker changed from Bug to Security
- Severity set to MODERATE
Evasion is a security issue, right ? Which severity ?
An attacker can hide its HTTP2 headers to Suricata now...
PA Updated by Philippe Antoine about 2 years ago Actions #5
- Priority changed from Low to Normal
PA Updated by Philippe Antoine about 2 years ago Actions #6
- Status changed from New to In Review
Gitlab MR
JI Updated by Jason Ish about 2 years ago Actions #7
Philippe: Are backports required?
PA Updated by Philippe Antoine about 2 years ago Actions #8
Jason Ish wrote in #note-7:
Philippe: Are backports required?
I guess so.
That depends if this is assessed a security issue versus an evasion or a feature...
VJ Updated by Victor Julien about 2 years ago Actions #9
- Label Needs backport to 7.0 added
OT Updated by OISF Ticketbot about 2 years ago Actions #10
- Subtask #6717 added
OT Updated by OISF Ticketbot about 2 years ago Actions #11
- Label deleted (
Needs backport to 7.0)
JI Updated by Jason Ish about 2 years ago Actions #12
- Label Needs backport to 6.0 added
OT Updated by OISF Ticketbot about 2 years ago Actions #13
- Subtask #6751 added
OT Updated by OISF Ticketbot about 2 years ago Actions #14
- Label deleted (
Needs backport to 6.0)
VJ Updated by Victor Julien about 2 years ago Actions #15
- CVE set to 2024-24568
PA Updated by Philippe Antoine about 2 years ago Actions #16
- Status changed from In Review to Closed
- Git IDs updated (diff)
PA Updated by Philippe Antoine about 2 years ago Actions #17
- Severity changed from MODERATE to HIGH
not critical because does not fit
evasions with a wide scope are considered to be in-scope
But High as Tier 1
VJ Updated by Victor Julien about 2 years ago Actions #18
- Private changed from Yes to No