Actions
Security #6866
closed
VJ
PA
eve: excessive ssh long banner logging
Security #6866:
eve: excessive ssh long banner logging
Git IDs:
Severity:
HIGH
Disclosure Date:
02/19/2024
Description
Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64345&q=label%3AProj-suricata&can=2
Fuzz target triggers the following rulealert tcp any any -> any any (msg:"SURICATA STREAM ESTABLISHED packet out of window"; stream-event:est_packet_out_of_window; classtype:protocol-command-decode; sid:2210020; rev:2;)
on many packets leading to most time spent in jsonbuild set_string_from_bytes (doing escaping on binary buffer) for dummy overlong ssh software version
Files
VJ Updated by Victor Julien about 2 years ago
- Copied from Security #6770: log: arbitrary-length value can be logged added
OT Updated by OISF Ticketbot about 2 years ago
- Subtask #6867 added
OT Updated by OISF Ticketbot about 2 years ago
- Label deleted (
Needs backport to 6.0)
OT Updated by OISF Ticketbot about 2 years ago
- Subtask #6868 added
OT Updated by OISF Ticketbot about 2 years ago
- Label deleted (
Needs backport to 7.0)
PA Updated by Philippe Antoine about 2 years ago
Why is this marked as resolved ?
VJ Updated by Victor Julien about 2 years ago
- Status changed from Resolved to Closed
VJ Updated by Victor Julien about 2 years ago
- Private changed from Yes to No
Actions