Project

General

Profile

Actions
Copy link

Security #6900

closed
PA PA

http2: timeout logging headers

Security #6900: http2: timeout logging headers

Added by Philippe Antoine about 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
Label:
CVE:
2024-32663
Git IDs:

03442c9071b8d863d26b609d54c6eacf4de9e340

Severity:
HIGH
Disclosure Date:
06/28/2024

Description

Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67661

Investigating more in this issue

Subtasks 2 (0 open2 closed)

Security #6901: http2: timeout logging headers (7.0.x backport)ClosedPhilippe AntoineActions
Security #6978: http2: timeout logging headers (6.0.x backport)ClosedPhilippe AntoineActions

Related issues 5 (0 open5 closed)

Related to Suricata - Bug #6846: eve/alerts: wrongly using tx id 0 when there is no txClosedPhilippe AntoineActions
Related to Suricata - Security #6892: http2: oom on copying compressed headersClosedPhilippe AntoineActions
Related to Suricata - Security #6770: log: arbitrary-length value can be loggedClosedOISF DevActions
Related to Suricata - Bug #6973: detect: log relevant frames app-layer metdataClosedPhilippe AntoineActions
Related to Suricata - Security #7104: http2: oom from duplicate headersClosedPhilippe AntoineActions

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #1

  • Related to Bug #6846: eve/alerts: wrongly using tx id 0 when there is no tx added

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #2

Fix for #6846 fixes this timeout because we get multiple alerts for sid 2210045 and 2210029 which logs http2 app-layer data when it should not

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #3

  • Related to Security #6892: http2: oom on copying compressed headers added

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #4

http2 logging does not take too much time because a single field is too long, but we log 35367 headers.

This get bad because of http2 headers compression where one byte in the network can refer up to HTTP2_MAX_TABLESIZE (65536 by default, configurable with app-layer.protocols.http2.max-table-size bytes previously seen on the network.

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #5

I guess this is critical

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #6

  • Status changed from New to In Review
  • Label Needs backport to 7.0 added

OT Updated by OISF Ticketbot about 2 years ago Actions
Copy link
 #7

  • Subtask #6901 added

OT Updated by OISF Ticketbot about 2 years ago Actions
Copy link
 #8

  • Label deleted (Needs backport to 7.0)

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #9

  • Related to Security #6770: log: arbitrary-length value can be logged added

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #10

  • CVE set to 2024-32663

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #11

  • Label Needs backport to 6.0 added

OT Updated by OISF Ticketbot almost 2 years ago Actions
Copy link
 #12

  • Subtask #6978 added

OT Updated by OISF Ticketbot almost 2 years ago Actions
Copy link
 #13

  • Label deleted (Needs backport to 6.0)

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #14

  • Severity changed from MODERATE to HIGH

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #15

  • Status changed from In Review to Closed
  • Git IDs updated (diff)

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #16

  • Related to Bug #6973: detect: log relevant frames app-layer metdata added

PA Updated by Philippe Antoine almost 2 years ago ยท Edited Actions
Copy link
 #17

For info, the oss-fuzz report is still open until #6848 gets solved

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #19

Actions
Copy link

Also available in: PDF Atom