Actions
Bug #7019
closedsnmp: probing parser returns ALPROTO_FAILED instead of ALPROTO_UNKNOWN if slice.len() < 4
Affected Versions:
Effort:
Difficulty:
Label:
Beginner, Good First Issue, Needs Suricata-Verify test, Protocol, Rust
Description
Found with https://github.com/OISF/suricata/pull/11062
This would allow protocol detection evasion on TCP by splitting the PDU into a first small slice and the rest once the first packet is packed
There may be other protocols to check.
Actions