Security #6660: http2: quadratic complexity in find_or_create_tx not bounded by max-tx (6.0.x backport) - Suricata - Open Information Security Foundation

Actions

Copy link

Security #6660

closed

Security #6481: http2: quadratic complexity in find_or_create_tx not bounded by max-tx

http2: quadratic complexity in find_or_create_tx not bounded by max-tx (6.0.x backport)

Added by OISF Ticketbot 4 months ago. Updated 2 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

6.0.16

Affected Versions:

Label:

CVE:

2024-23836

Git IDs:

b1549e930f6426eeff43f12b672337cbcda566b8

Severity:

LOW

Disclosure Date:

Actions

Copy link

Updated by Jason Ish 3 months ago

Severity changed from MODERATE to CRITICAL

Actions

Copy link

Updated by Jason Ish 3 months ago

Status changed from Assigned to In Review

Actions

Copy link

Updated by Victor Julien 3 months ago

Status changed from In Review to Resolved

Actions

Copy link

Updated by Victor Julien 3 months ago

CVE set to 2024-23836
Severity changed from CRITICAL to LOW

LOW severity as HTTP2 is considered experimental and disabled by default in 6.0.x.

Actions

Copy link

Updated by Philippe Antoine 3 months ago

Status changed from Resolved to Closed
Git IDs updated (diff)

Actions

Copy link

Updated by Victor Julien 2 months ago

Private changed from Yes to No

Actions

Copy link

Updated by Victor Julien 2 months ago

https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #6660

http2: quadratic complexity in find_or_create_tx not bounded by max-tx (6.0.x backport)

Updated by Jason Ish 3 months ago

Updated by Jason Ish 3 months ago

Updated by Victor Julien 3 months ago

Updated by Victor Julien 3 months ago

Updated by Philippe Antoine 3 months ago

Updated by Victor Julien 2 months ago

Updated by Victor Julien 2 months ago