Actions
Bug #6080
closedpgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL
Affected Versions:
Effort:
Difficulty:
Label:
Description
https://github.com/OISF/suricata/pull/8892#issuecomment-1552379497 shows Suricata incorrectly tagging 5432 over TCP traffic as PGSQL.
The traffic itself doesn't show PGSQL characteristics.
Pcap was shared privately as it's tlp-red.
Updated by Juliana Fajardini Reichow over 1 year ago
- Status changed from New to Assigned
Updated by Juliana Fajardini Reichow over 1 year ago
- Target version changed from 7.0.0-rc2 to 7.0.0
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.0 to 8.0.0-beta1
Updated by Philippe Antoine about 1 year ago
- Related to Security #6411: pgsql: quadratic complexity leads to over consumption of memory added
Updated by Philippe Antoine about 1 year ago
Fix is
- in case parser::pgsql_parse_response(input).is_ok()
also check that this is not PgsqlBEMessage::UnknownMessageType
- also deduplicate header parsing (identifier, and length) so that it is also used for this unknown type (that is https://gitlab.oisf.net/dev/suricata/-/merge_requests/676/diffs?commit_id=123f35b2d4785794f25a1b7e28e8b633269d76cb )
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Juliana Fajardini Reichow about 1 year ago
- Status changed from Assigned to In Review
PR for review: https://github.com/OISF/suricata/pull/9881
Updated by Juliana Fajardini Reichow about 1 year ago
- Status changed from In Review to Resolved
Merged PR: https://github.com/OISF/suricata/pull/9918
Updated by Juliana Fajardini Reichow about 1 year ago
- Status changed from Resolved to Closed
Actions