Security #6900: http2: timeout logging headers - Suricata - Open Information Security Foundation

Custom queries

Good First Issues
OISF community

Actions

Copy link

Security #6900

closed

http2: timeout logging headers

Added by Philippe Antoine 3 months ago. Updated about 2 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

Label:

CVE:

2024-32663

Git IDs:

03442c9071b8d863d26b609d54c6eacf4de9e340

Severity:

HIGH

Disclosure Date:

06/28/2024

Description

Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67661

Investigating more in this issue

Subtasks 2 (0 open — 2 closed)

	Security #6901: http2: timeout logging headers (7.0.x backport)	Closed	Philippe Antoine				Actions
	Security #6978: http2: timeout logging headers (6.0.x backport)	Closed	Philippe Antoine				Actions

Related issues 1 (0 open — 1 closed)

Related to Suricata - Security #6892: http2: oom on copying compressed headers

Closed

Philippe Antoine

Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by Philippe Antoine 3 months ago

Fix for #6846 fixes this timeout because we get multiple alerts for sid 2210045 and 2210029 which logs http2 app-layer data when it should not

Actions

Copy link

Updated by Philippe Antoine 3 months ago

Related to Security #6892: http2: oom on copying compressed headers added

Actions

Copy link

Updated by Philippe Antoine 3 months ago

http2 logging does not take too much time because a single field is too long, but we log 35367 headers.

This get bad because of http2 headers compression where one byte in the network can refer up to HTTP2_MAX_TABLESIZE (65536 by default, configurable with app-layer.protocols.http2.max-table-size bytes previously seen on the network.

Actions

Copy link