Security #6931: base64: off-by-three overflow in DecodeBase64() (6.0.x backport) - Suricata - Open Information Security Foundation

Actions

Copy link

Security #6931

closed

Security #6902: base64: off-by-three overflow in DecodeBase64()

base64: off-by-three overflow in DecodeBase64() (6.0.x backport)

Added by OISF Ticketbot 12 months ago. Updated 11 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

6.0.19

Affected Versions:

Label:

CVE:

2024-32664

Git IDs:

Severity:

CRITICAL

Disclosure Date:

Actions

Copy link

Updated by Victor Julien 12 months ago

Severity changed from MODERATE to CRITICAL

Actions

Copy link

Updated by Philippe Antoine 12 months ago

Severity is critical in master6, and not in later branches, because the limited overflow can overwrite different fields (in the case suricata was not built with NSS) and these fields which get used in the default configuration

Actions

Copy link

Updated by Victor Julien 11 months ago

Status changed from Assigned to Resolved

Actions

Copy link

Updated by Victor Julien 11 months ago

CVE set to 2024-32664

Actions

Copy link

Updated by Victor Julien 11 months ago

Status changed from Resolved to Closed

Actions

Copy link

Updated by Victor Julien 11 months ago

Private changed from Yes to No

https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7

Actions

Copy link

Also available in: Atom PDF

Project

General

Custom queries

Profile

Suricata

Security #6931

base64: off-by-three overflow in DecodeBase64() (6.0.x backport)

Updated by Victor Julien 12 months ago

Updated by Philippe Antoine 12 months ago

Updated by Victor Julien 11 months ago

Updated by Victor Julien 11 months ago

Updated by Victor Julien 11 months ago

Updated by Victor Julien 11 months ago