Security #6195: process exit in hyperscan error handling - Suricata - Open Information Security Foundation

Actions

Copy link

Security #6195

closed

process exit in hyperscan error handling

Added by Victor Julien 11 months ago. Updated 7 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

7.0.1

Affected Versions:

Label:

CVE:

Git IDs:

Severity:

HIGH

Disclosure Date:

Description

A malformed rule can cause the process to exit due to hyperscan integration triggering a fatal error if hyperscan can't compile a pattern.

This can happen during a rule upgrade, which would exit the process. The process could then not start back up again until the offending rule is removed.

The issue would be mitigated by using a "test" step in the rule upgrade process. In this case the ruleset update would be rejected.

Subtasks 1 (0 open — 1 closed)

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #6195

process exit in hyperscan error handling

Updated by OISF Ticketbot 11 months ago

Updated by OISF Ticketbot 11 months ago

Updated by Victor Julien 11 months ago

Updated by Victor Julien 11 months ago

Updated by Victor Julien 10 months ago

Updated by Jeff Lucovsky 10 months ago

Updated by Victor Julien 10 months ago

Updated by Victor Julien 9 months ago

Updated by Victor Julien 8 months ago

Updated by Victor Julien 8 months ago

Updated by Victor Julien 8 months ago

Updated by Victor Julien 7 months ago