Security #6668: ip defrag: final overlapping packet can lead to "hole" in re-assembled data - Suricata - Open Information Security Foundation

Actions

Copy link

Security #6668

closed

ip defrag: final overlapping packet can lead to "hole" in re-assembled data

Added by Jason Ish 8 months ago. Updated 4 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

8.0.0-beta1

Affected Versions:

6.0.15, 7.0.2

Label:

CVE:

2024-32867

Git IDs:

d0fd0782505d837e691ceef1b801776f0db82726

Severity:

MODERATE

Disclosure Date:

Description

This is covered in test: bsd/peos/test_361

Given a packet that covers regions M-N and has MF set to 0, but there is a still a hole before region M. Then another packet comes in and covers (M-1)-N, we could have a hole in the re-assembled as the packet received first comes first in the iteration of packets to be re-assembled, and we break on the MF flag being 0.

Instead we should iterate one more time, as the following packet may fill in the hole.

Subtasks 2 (0 open — 2 closed)