Actions
Security #6444
closedhttp1: quadratic complexity from infinite folded headers
Git IDs:
20ac301d801cdf01b3f021cca08a22a87f477c4a
Severity:
CRITICAL
Disclosure Date:
01/24/2024
Description
Found by oss-fuzz with quadfuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63600&q=label%3AProj-suricata
POC to reproduce is
GET / HTTP/1.1 Host: localhost Header: a b b b b
never stopping
Files
Updated by Philippe Antoine about 1 year ago
indeed, but the proposed fix is just in libhtp
Updated by Victor Julien about 1 year ago
- Label Needs backport to 6.0, Needs backport to 7.0 added
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.3 to 8.0.0-beta1
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 6.0)
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Victor Julien 11 months ago
- Severity changed from MODERATE to CRITICAL
Client only, easy to create attack traffic. So CRITICAL.
Updated by Victor Julien 10 months ago
- Status changed from In Review to Resolved
Updated by Victor Julien 10 months ago
- CVE set to 2024-23837
Issue is in libhtp and is fixed in libhtp 0.5.46.
Updated by Philippe Antoine 10 months ago
- Status changed from Resolved to Closed
- Git IDs updated (diff)
Updated by Victor Julien 10 months ago
Updated by Philippe Antoine 8 months ago
This did not affect libhtp-rs as it parses headers differently, avoiding the need to realloc for folded headers
Actions