Bug #6891
Closed
sip: usage of Vec instead of Vecdeque leads to quadratic complexity on cleanup
Description
Found by oss-fuzz with quadfuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67597
I would rate this CRITICAL, but I am not sure it affects suricata 7 as the oss-fuzz bisect points to the addition of TCP for sip parsing...
Updated by Philippe Antoine 8 months ago
- Subject changed from sip: unbounded number of transaction lead to quadratic complexity to sip: usage of Vic instead of Vecdeque leads to quadratic complexity on cleanup
- Affected Versions git master added
Indeed only for SIP/TCP as SIP/UDP parses only one transaction per packet, and it is considered as complete
Updated by Philippe Antoine 8 months ago
- Subject changed from sip: usage of Vic instead of Vecdeque leads to quadratic complexity on cleanup to sip: usage of Vec instead of Vecdeque leads to quadratic complexity on cleanup
Updated by Philippe Antoine 8 months ago
- Status changed from In Review to Closed
Updated by Victor Julien 7 months ago
- Tracker changed from Security to Bug
- Severity deleted (MODERATE)
- Disclosure Date deleted (06/24/2024)
Set to bug as it's not part of released code.
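The cost named in the subject line, as an added example (not Suricata's code and not part of the original ticket): freeing transactions oldest-first from a `Vec` shifts every remaining element on each removal, while `VecDeque::pop_front` moves none. The `Tx` type and the oldest-first cleanup loop are assumptions made for illustration.

```rust
use std::collections::VecDeque;
use std::time::Instant;

// Hypothetical stand-in for one parsed SIP transaction (not Suricata's type).
struct Tx {
    id: u64,
}

// Free n transactions oldest-first from a Vec.
// Returns (transactions freed, elements shifted in memory).
fn cleanup_vec(n: u64) -> (u64, u64) {
    let mut txs: Vec<Tx> = (0..n).map(|id| Tx { id }).collect();
    let (mut freed, mut shifted) = (0u64, 0u64);
    while !txs.is_empty() {
        let tx = txs.remove(0); // moves every remaining element down one slot
        assert_eq!(tx.id, freed); // transactions leave in arrival order
        shifted += txs.len() as u64;
        freed += 1;
    }
    (freed, shifted)
}

// Same cleanup on a VecDeque: pop_front only advances the head index,
// so no element is shifted and the count stays at zero.
fn cleanup_deque(n: u64) -> (u64, u64) {
    let mut txs: VecDeque<Tx> = (0..n).map(|id| Tx { id }).collect();
    let (mut freed, shifted) = (0u64, 0u64);
    while let Some(tx) = txs.pop_front() {
        assert_eq!(tx.id, freed);
        freed += 1;
    }
    (freed, shifted)
}

fn main() {
    // Constructed sizes: the Vec shift count grows as n*(n-1)/2.
    for n in [1_000u64, 10_000, 40_000] {
        let t = Instant::now();
        let (_, shifted) = cleanup_vec(n);
        let vec_time = t.elapsed();
        let t = Instant::now();
        cleanup_deque(n);
        let deque_time = t.elapsed();
        println!("n={}: Vec shifted {} elements in {:?}, VecDeque shifted 0 in {:?}",
                 n, shifted, vec_time, deque_time);
    }
}
```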