Security #6900
Closed
http2: timeout logging headers
Added by Philippe Antoine about 2 years ago. Updated almost 2 years ago.
03442c9071b8d863d26b609d54c6eacf4de9e340
Description
Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67661
Investigating more in this issue
PA Updated by Philippe Antoine about 2 years ago Actions #1
- Related to Bug #6846: eve/alerts: wrongly using tx id 0 when there is no tx added
PA Updated by Philippe Antoine about 2 years ago Actions #2
Fix for #6846 fixes this timeout because we get multiple alerts for sid 2210045 and 2210029 which logs http2 app-layer data when it should not
PA Updated by Philippe Antoine about 2 years ago Actions #3
- Related to Security #6892: http2: oom on copying compressed headers added
PA Updated by Philippe Antoine about 2 years ago Actions #4
http2 logging does not take too much time because a single field is too long, but we log 35367 headers.
This gets bad because of http2 headers compression where one byte in the network can refer to up to HTTP2_MAX_TABLESIZE (65536 by default, configurable with app-layer.protocols.http2.max-table-size) bytes previously seen on the network.
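The amplification described in note #4, as an added example that is not part of the ticket or Suricata's code: a minimal HPACK decoder run over a constructed header block, reporting wire bytes, decoded headers and bytes, and how many headers fit under a logging byte budget. `measure`, `log_budget` and `SAMPLE` are names assumed for illustration, and the budget is a hypothetical cap, not the fix that was applied.

```python
# Added example, not Suricata code. Handles only the two HPACK (RFC 7541) forms used below.
from itertools import accumulate
MAX_TABLE_SIZE = 65536  # HTTP2_MAX_TABLESIZE default quoted in the ticket

def read_int(buf, pos, bits):                   # HPACK prefix integer
    mask = (1 << bits) - 1
    value, pos, shift = buf[pos] & mask, pos + 1, 0
    more = value == mask                        # prefix all ones: continuation bytes
    while more:
        value += (buf[pos] & 0x7F) << shift
        more, pos, shift = buf[pos] & 0x80, pos + 1, shift + 7
    return value, pos

def read_str(buf, pos):                         # raw string literal: length, bytes
    if buf[pos] & 0x80:
        raise ValueError("Huffman strings not handled here")
    length, pos = read_int(buf, pos, 7)
    if pos + length > len(buf):
        raise ValueError("truncated string")
    return buf[pos:pos + length], pos + length

def decode(block, max_table_size=MAX_TABLE_SIZE):
    table, table_size, headers, pos = [], 0, [], 0
    while pos < len(block):
        if block[pos] & 0x80:                   # indexed field: one byte on the wire
            idx, pos = read_int(block, pos, 7)
            if not 62 <= idx < 62 + len(table): # 1..61 is the static table
                raise ValueError("index outside dynamic table")
            headers.append(table[idx - 62])
        elif block[pos] == 0x40:                # literal, new name, added to table
            name, pos = read_str(block, pos + 1)
            value, pos = read_str(block, pos)
            headers.append((name, value))
            table.insert(0, (name, value))
            table_size += len(name) + len(value) + 32
            while table_size > max_table_size:  # evict oldest entries
                table_size -= sum(map(len, table.pop())) + 32
        else:
            raise ValueError("representation not handled here")
    return headers

def measure(block, log_budget=1 << 20):
    """Return (wire bytes, headers, decoded bytes, headers within log_budget)."""
    sizes = [len(n) + len(v) for n, v in decode(block)]
    logged = sum(1 for total in accumulate(sizes) if total <= log_budget)
    return len(block), len(sizes), sum(sizes), logged

# Constructed input: one 60000-byte literal, then 35366 one-byte references to it.
SAMPLE = b"\x40\x01x\x7f\xe1\xd3\x03" + b"A" * 60000 + b"\xbe" * 35366
```

On the constructed sample, 95373 wire bytes decode to 35367 headers totalling about 2.1 GB of header data, of which 17 headers fit in a 1 MiB budget.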
PA Updated by Philippe Antoine about 2 years ago Actions #5
I guess this is critical
PA Updated by Philippe Antoine about 2 years ago Actions #6
- Status changed from New to In Review
- Label Needs backport to 7.0 added
OT Updated by OISF Ticketbot about 2 years ago Actions #7
- Subtask #6901 added
OT Updated by OISF Ticketbot about 2 years ago Actions #8
- Label deleted (Needs backport to 7.0)
PA Updated by Philippe Antoine about 2 years ago Actions #9
- Related to Security #6770: log: arbitrary-length value can be logged added
VJ Updated by Victor Julien about 2 years ago Actions #10
- CVE set to 2024-32663
VJ Updated by Victor Julien about 2 years ago Actions #11
- Label Needs backport to 6.0 added
OT Updated by OISF Ticketbot about 2 years ago Actions #12
- Subtask #6978 added
OT Updated by OISF Ticketbot about 2 years ago Actions #13
- Label deleted (Needs backport to 6.0)
VJ Updated by Victor Julien about 2 years ago Actions #14
- Severity changed from MODERATE to HIGH
VJ Updated by Victor Julien about 2 years ago Actions #15
- Status changed from In Review to Closed
- Git IDs updated (diff)
PA Updated by Philippe Antoine almost 2 years ago Actions #16
- Related to Bug #6973: detect: log relevant frames app-layer metadata added
PA Updated by Philippe Antoine almost 2 years ago · Edited Actions #17
For info, the oss-fuzz report is still open until #6848 gets solved
VJ Updated by Victor Julien almost 2 years ago Actions #18
- Private changed from Yes to No
PA Updated by Philippe Antoine almost 2 years ago Actions #19
- Related to Security #7104: http2: oom from duplicate headers added