Security #6931: base64: off-by-three overflow in DecodeBase64() (6.0.x backport) - Suricata - Open Information Security Foundation

Actions

Copy link

Security #6931

closed

Security #6902: base64: off-by-three overflow in DecodeBase64()

base64: off-by-three overflow in DecodeBase64() (6.0.x backport)

Added by OISF Ticketbot 5 months ago. Updated 4 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

6.0.19

Affected Versions:

Label:

CVE:

2024-32664

Git IDs:

Severity:

CRITICAL

Disclosure Date:

Actions

Copy link

Updated by Victor Julien 5 months ago

Severity changed from MODERATE to CRITICAL

Actions

Copy link

Updated by Philippe Antoine 5 months ago

Severity is critical in master6, and not in later branches, because the limited overflow can overwrite different fields (in the case suricata was not built with NSS) and these fields which get used in the default configuration

Actions

Copy link

Updated by Victor Julien 5 months ago

Status changed from Assigned to Resolved

Actions

Copy link

Updated by Victor Julien 5 months ago

CVE set to 2024-32664

Actions

Copy link

Updated by Victor Julien 5 months ago

Status changed from Resolved to Closed

Actions

Copy link

Updated by Victor Julien 4 months ago

Private changed from Yes to No

https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #6931

base64: off-by-three overflow in DecodeBase64() (6.0.x backport)

Updated by Victor Julien 5 months ago

Updated by Philippe Antoine 5 months ago

Updated by Victor Julien 5 months ago

Updated by Victor Julien 5 months ago

Updated by Victor Julien 5 months ago

Updated by Victor Julien 4 months ago