Security #5926: http2: evasion by splitting header fields over frames - Suricata - Open Information Security Foundation

Actions

Copy link

Security #5926

closed

http2: evasion by splitting header fields over frames

Added by Philippe Antoine about 1 year ago. Updated 2 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

Label:

CVE:

2024-24568

Git IDs:

aff54f29f8c3f583ae0524a661aa90dc7a2d3f92

Severity:

HIGH

Disclosure Date:

Description

Beginning in a headers frame, and continuing in so-called continuation frames, with reassembly needed to be done...

Then, we need to avoid quadratic complexity of Huffman decoding as golang CVE 2023-1571

Files

cont.pcap (2.53 KB) cont.pcap

Philippe Antoine, 12/19/2023 08:33 PM

Subtasks 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #5926

http2: evasion by splitting header fields over frames

Updated by Philippe Antoine 11 months ago

Updated by Philippe Antoine 5 months ago

Updated by Philippe Antoine 5 months ago

Updated by Philippe Antoine 4 months ago

Updated by Philippe Antoine 4 months ago

Updated by Philippe Antoine 4 months ago

Updated by Jason Ish 4 months ago

Updated by Philippe Antoine 4 months ago

Updated by Victor Julien 3 months ago

Updated by OISF Ticketbot 3 months ago

Updated by OISF Ticketbot 3 months ago

Updated by Jason Ish 3 months ago

Updated by OISF Ticketbot 3 months ago

Updated by OISF Ticketbot 3 months ago

Updated by Victor Julien 3 months ago

Updated by Philippe Antoine 3 months ago

Updated by Philippe Antoine 3 months ago

Updated by Victor Julien 2 months ago

Updated by Victor Julien 2 months ago