Project

General

Profile

Actions

Security #6195

closed
VJ VJ

process exit in hyperscan error handling

Security #6195: process exit in hyperscan error handling

Added by Victor Julien almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
HIGH
Disclosure Date:

Description

A malformed rule can cause the process to exit due to hyperscan integration triggering a fatal error if hyperscan can't compile a pattern.

This can happen during a rule upgrade, which would exit the process. The process could then not start back up again until the offending rule is removed.

The issue would be mitigated by using a "test" step in the rule upgrade process. In this case the ruleset update would be rejected.


Subtasks 1 (0 open1 closed)

Security #6196: process exit in hyperscan error handling (6.0.x backport)ClosedVictor JulienActions

Related issues 1 (0 open1 closed)

Related to Suricata - Security #6122: lua: flag to disable lua supportClosedJason IshActions

OT Updated by OISF Ticketbot almost 3 years ago Actions #1

  • Subtask #6196 added

OT Updated by OISF Ticketbot almost 3 years ago Actions #2

  • Label deleted (Needs backport to 6.0)

VJ Updated by Victor Julien almost 3 years ago Actions #3

VJ Updated by Victor Julien almost 3 years ago Actions #4

  • Status changed from New to In Progress
  • Assignee changed from OISF Dev to Victor Julien

VJ Updated by Victor Julien almost 3 years ago Actions #5

  • Target version changed from 7.0.0 to 7.0.1

JL Updated by Jeff Lucovsky over 2 years ago Actions #6

I'll take a look at this; can you share the rule that causes hs compilation to fail?

VJ Updated by Victor Julien over 2 years ago Actions #7

I have a fix and test.

VJ Updated by Victor Julien over 2 years ago Actions #8

  • Status changed from In Progress to In Review

VJ Updated by Victor Julien over 2 years ago Actions #9

  • Severity changed from MODERATE to HIGH

VJ Updated by Victor Julien over 2 years ago Actions #10

  • Status changed from In Review to Resolved

VJ Updated by Victor Julien over 2 years ago Actions #12

  • Private changed from Yes to No
Actions

Also available in: PDF Atom