Bug #6891


Bug #6891: sip: usage of Vec instead of Vecdeque leads to quadratic complexity on cleanup

Added by Philippe Antoine about 2 years ago. Updated almost 2 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Found by oss-fuzz with quadfuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67597

I would rate this CRITICAL, but I am not sure it affects suricata 7 as the oss-fuzz bisect points to the addition of TCP for sip parsing...

Updated by Philippe Antoine about 2 years ago #1

  • Subject changed from sip: unbounded number of transaction lead to quadratic complexity to sip: usage of Vic instead of Vecdeque leads to quadratic complexity on cleanup
  • Affected Versions git main added

Indeed only for SIP/TCP as SIP/UDP parses only one transaction per packet, and it is considered as complete
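The cost difference named in the subject, as an added example that is not Suricata's code and not part of the original report: it counts how many elements get moved when completed transactions are freed from the front of a `Vec` versus a `VecDeque`. The names `Tx`, `make`, `cleanup_vec` and `cleanup_deque` are hypothetical, and it assumes cleanup removes completed transactions from the head of the list while the newest one is still open.

```rust
use std::collections::VecDeque;

// Hypothetical stand-in for a parsed transaction (not Suricata's type).
struct Tx {
    complete: bool,
}

/// Free completed transactions from the front of a Vec.
/// Returns (transactions freed, elements shifted by Vec::remove).
fn cleanup_vec(txs: &mut Vec<Tx>) -> (usize, u64) {
    let (mut freed, mut shifted) = (0, 0u64);
    while txs.first().map_or(false, |t| t.complete) {
        // remove(0) moves every later element down by one slot: O(len).
        shifted += (txs.len() - 1) as u64;
        txs.remove(0);
        freed += 1;
    }
    (freed, shifted)
}

/// Same cleanup on a VecDeque: pop_front only advances the head index.
fn cleanup_deque(txs: &mut VecDeque<Tx>) -> (usize, u64) {
    let mut freed = 0;
    while txs.front().map_or(false, |t| t.complete) {
        txs.pop_front(); // O(1), nothing is shifted
        freed += 1;
    }
    (freed, 0)
}

// Constructed input: n transactions on one stream, all complete except the last.
fn make(n: u64) -> impl Iterator<Item = Tx> {
    (0..n).map(move |id| Tx { complete: id + 1 < n })
}

fn main() {
    for n in [1_000u64, 10_000, 20_000] {
        let mut v: Vec<Tx> = make(n).collect();
        let mut d: VecDeque<Tx> = make(n).collect();
        let (fv, sv) = cleanup_vec(&mut v);
        let (fd, sd) = cleanup_deque(&mut d);
        // Vec shifts n*(n-1)/2 elements in total; VecDeque shifts none.
        println!("n={n}: Vec freed {fv}, shifted {sv}; VecDeque freed {fd}, shifted {sd}");
    }
}
```

Multiplying the number of transactions by 10 multiplies the `Vec` shift count by roughly 100, while the `VecDeque` count stays at zero.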

Updated by Philippe Antoine about 2 years ago #2

  • Subject changed from sip: usage of Vic instead of Vecdeque leads to quadratic complexity on cleanup to sip: usage of Vec instead of Vecdeque leads to quadratic complexity on cleanup

Updated by Philippe Antoine about 2 years ago #3

  • Status changed from New to In Review

Gitlab MR

Updated by Philippe Antoine about 2 years ago #4

  • Status changed from In Review to Closed

Updated by Victor Julien almost 2 years ago #5

  • Tracker changed from Security to Bug
  • Severity deleted (MODERATE)
  • Disclosure Date deleted (06/24/2024)

Set to bug as it's not part of released code.

Updated by Victor Julien almost 2 years ago #6

  • Private changed from Yes to No