Project

General

Profile

Actions
Copy link

Bug #6891

closed

sip: usage of Vec instead of Vecdeque leads to quadratic complexity on cleanup

Added by Philippe Antoine 7 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
git master
Effort:
Difficulty:
Label:

Description

Found by oss-fuzz with quadfuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67597

I would rate this CRITICAL, but I am not sure it affects suricata 7 as the oss-fuzz bisect points to the addition of TCP for sip parsing...

Actions
Copy link

Also available in: Atom PDF