Actions
Bug #7019
closed
PA
PA
snmp: probing parser returns ALPROTO_FAILED instead of ALPROTO_UNKNOWN if slice.len() < 4
Bug #7019:
snmp: probing parser returns ALPROTO_FAILED instead of ALPROTO_UNKNOWN if slice.len() < 4
Affected Versions:
Effort:
Difficulty:
Label:
Beginner, Good First Issue, Needs Suricata-Verify test, Protocol, Rust
Description
Found with https://github.com/OISF/suricata/pull/11062
This would allow protocol detection evasion on TCP by splitting the PDU into a first small slice and the rest once the first packet is packed
There may be other protocols to check.
PA Updated by Philippe Antoine almost 2 years ago
- Subject changed from snmp: robin parser returns ALPROTO_FAILED instead of ALPROTO_UNKNOWN if slice.len() < 4 to snmp: probing parser returns ALPROTO_FAILED instead of ALPROTO_UNKNOWN if slice.len() < 4
PA Updated by Philippe Antoine almost 2 years ago
- Label Beginner, Good First Issue, Needs Suricata-Verify test, Protocol, Rust added
Easy fix, hard thing is to craft a pcap for testing
PA Updated by Philippe Antoine almost 2 years ago
I think this one can be postponed after 8
VJ Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
PA Updated by Philippe Antoine 11 months ago
- Status changed from New to In Review
- Assignee changed from OISF Dev to Philippe Antoine
PA Updated by Philippe Antoine 11 months ago
- Status changed from In Review to Resolved
- Label Needs backport to 7.0 added
OT Updated by OISF Ticketbot 11 months ago
- Subtask #7716 added
OT Updated by OISF Ticketbot 11 months ago
- Label deleted (
Needs backport to 7.0)
PA Updated by Philippe Antoine 11 months ago
- Status changed from Resolved to Closed
Actions