Actions
Security #7040
closed
VJ
VJ
defrag: id reuse can lead to invalid reassembly
Security #7040:
defrag: id reuse can lead to invalid reassembly
Git IDs:
Severity:
CRITICAL
Disclosure Date:
Description
When 2 sets of fragments are sent with the same id in quick succession, the 2nd set may reuse the DefragTracker for the first set. This will lead to incorrect reassembly logic. An incomplete packet will be decoded, leading to decoder events and general policy bypass.
The issue is in DefragGetTrackerFromHash which does not respect the DefragTracker::remove field in all it's lookup paths.
OT Updated by OISF Ticketbot almost 2 years ago
- Subtask #7041 added
OT Updated by OISF Ticketbot almost 2 years ago
- Label deleted (
Needs backport to 6.0)
OT Updated by OISF Ticketbot almost 2 years ago
- Subtask #7042 added
OT Updated by OISF Ticketbot almost 2 years ago
- Label deleted (
Needs backport to 7.0)
VJ Updated by Victor Julien almost 2 years ago
- Status changed from In Progress to In Review
Issue is addressed as part of a refactoring here https://github.com/OISF/suricata/pull/11122
VJ Updated by Victor Julien almost 2 years ago
- Severity changed from MODERATE to CRITICAL
VJ Updated by Victor Julien almost 2 years ago
- Status changed from In Review to Resolved
Fixed as part of the general cleanups in:
VJ Updated by Victor Julien almost 2 years ago
- CVE set to 2024-37151
VJ Updated by Victor Julien almost 2 years ago
- Status changed from Resolved to Closed
JF Updated by Juliana Fajardini Reichow 9 months ago
- Private changed from Yes to No
Actions