Security #6477: SMTP: quadratic complexity from unbounded number of transaction per flow - Suricata - Open Information Security Foundation

Actions

Copy link

Security #6477

closed

SMTP: quadratic complexity from unbounded number of transaction per flow

Added by Philippe Antoine 6 months ago. Updated 2 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

Label:

CVE:

2024-23836

Git IDs:

8f73a0ac5588cb5e5c501b3c7a07cb5d35b99d92

Severity:

CRITICAL

Disclosure Date:

01/24/2024

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63603&q=label%3AProj-suricata

Subtasks 2 (0 open — 2 closed)

Actions

Copy link

Updated by Philippe Antoine 6 months ago

Status changed from New to In Review

Gitlab

Actions

Copy link

Updated by Victor Julien 5 months ago

Target version changed from 7.0.3 to 8.0.0-beta1
Label Needs backport to 7.0 added

Actions

Copy link

Updated by OISF Ticketbot 5 months ago

Subtask #6532 added

Actions

Copy link

Updated by OISF Ticketbot 5 months ago

Label deleted (~~Needs backport to 7.0~~)

Actions

Copy link

Updated by Philippe Antoine 4 months ago

Disclosure Date set to 01/24/2024

Actions

Copy link

Updated by Victor Julien 4 months ago

Severity changed from MODERATE to CRITICAL

CRITICAL as this can be used to slow down to the point of DoS.

Actions

Copy link

Updated by Victor Julien 4 months ago

Label Needs backport to 6.0 added

Actions

Copy link

Updated by OISF Ticketbot 4 months ago

Subtask #6659 added

Actions

Copy link

Updated by OISF Ticketbot 4 months ago

Label deleted (~~Needs backport to 6.0~~)

Actions

Copy link

#10

Updated by Victor Julien 3 months ago

Status changed from In Review to Resolved
CVE set to 2024-23836

Actions

Copy link

#11

Updated by Philippe Antoine 3 months ago

Status changed from Resolved to Closed
Git IDs updated (diff)

Actions

Copy link

#12

Updated by Victor Julien 2 months ago

Private changed from Yes to No

Actions

Copy link

#13

Updated by Victor Julien 2 months ago

https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #6477

SMTP: quadratic complexity from unbounded number of transaction per flow

Updated by Philippe Antoine 6 months ago

Updated by Victor Julien 5 months ago

Updated by OISF Ticketbot 5 months ago

Updated by OISF Ticketbot 5 months ago

Updated by Philippe Antoine 4 months ago

Updated by Victor Julien 4 months ago

Updated by Victor Julien 4 months ago

Updated by OISF Ticketbot 4 months ago

Updated by OISF Ticketbot 4 months ago

Updated by Victor Julien 3 months ago

Updated by Philippe Antoine 3 months ago

Updated by Victor Julien 2 months ago

Updated by Victor Julien 2 months ago