Security #6444: http1: quadratic complexity from infinite folded headers - Suricata - Open Information Security Foundation

Security #6444

Security #6444: http1: quadratic complexity from infinite folded headers

Target version:

Affected Versions:

20ac301d801cdf01b3f021cca08a22a87f477c4a

Disclosure Date:

Description

POC to reproduce is

GET / HTTP/1.1
Host: localhost
Header: a
 b
 b
 b
 b

never stopping

lol.pcap (1.11 MB) lol.pcap

Philippe Antoine, 11/08/2023 08:55 AM

Subtasks 2 (0 open — 2 closed)

History
Notes
Property changes

Also available in: PDF Atom

Suricata

Security #6444

Project

General

Profile

Suricata

Custom queries

Security #6444

http1: quadratic complexity from infinite folded headers

PA Updated by Philippe Antoine over 2 years ago ActionsCopy link #1

PA Updated by Philippe Antoine over 2 years ago ActionsCopy link #2

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #3

PA Updated by Philippe Antoine over 2 years ago ActionsCopy link #4

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #5

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #6

OT Updated by OISF Ticketbot over 2 years ago ActionsCopy link #7

OT Updated by OISF Ticketbot over 2 years ago ActionsCopy link #8

OT Updated by OISF Ticketbot over 2 years ago ActionsCopy link #9

OT Updated by OISF Ticketbot over 2 years ago ActionsCopy link #10

PA Updated by Philippe Antoine over 2 years ago ActionsCopy link #11

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #12

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #13

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #14

PA Updated by Philippe Antoine over 2 years ago ActionsCopy link #15

VJ Updated by Victor Julien about 2 years ago ActionsCopy link #16

VJ Updated by Victor Julien about 2 years ago ActionsCopy link #17

PA Updated by Philippe Antoine about 2 years ago ActionsCopy link #18

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#1

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#3

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#5

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#6

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
#7

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
#8

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
#9

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
#10

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#11

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#12

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#13

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#14

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#15

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
#16

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
#17

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
#18