Security #5926: http2: evasion by splitting header fields over frames - Suricata - Open Information Security Foundation

Actions

Copy link

Security #5926

closed

http2: evasion by splitting header fields over frames

Added by Philippe Antoine over 1 year ago. Updated 10 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

Label:

CVE:

2024-24568

Git IDs:

aff54f29f8c3f583ae0524a661aa90dc7a2d3f92

Severity:

HIGH

Disclosure Date:

Description

Beginning in a headers frame, and continuing in so-called continuation frames, with reassembly needed to be done...

Then, we need to avoid quadratic complexity of Huffman decoding as golang CVE 2023-1571

Files

cont.pcap (2.53 KB) cont.pcap

Philippe Antoine, 12/19/2023 08:33 PM

Subtasks 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #5926

http2: evasion by splitting header fields over frames

Updated by Philippe Antoine over 1 year ago

Updated by Philippe Antoine about 1 year ago

Updated by Philippe Antoine 12 months ago

Updated by Philippe Antoine 11 months ago

Updated by Philippe Antoine 11 months ago

Updated by Philippe Antoine 11 months ago

Updated by Jason Ish 11 months ago

Updated by Philippe Antoine 11 months ago

Updated by Victor Julien 11 months ago

Updated by OISF Ticketbot 11 months ago

Updated by OISF Ticketbot 11 months ago

Updated by Jason Ish 11 months ago

Updated by OISF Ticketbot 11 months ago

Updated by OISF Ticketbot 11 months ago

Updated by Victor Julien 10 months ago

Updated by Philippe Antoine 10 months ago

Updated by Philippe Antoine 10 months ago

Updated by Victor Julien 10 months ago

Updated by Victor Julien 10 months ago