Actions
Security #7040
closeddefrag: id reuse can lead to invalid reassembly
Git IDs:
Severity:
CRITICAL
Disclosure Date:
Description
When 2 sets of fragments are sent with the same id in quick succession, the 2nd set may reuse the DefragTracker for the first set. This will lead to incorrect reassembly logic. An incomplete packet will be decoded, leading to decoder events and general policy bypass.
The issue is in DefragGetTrackerFromHash which does not respect the DefragTracker::remove field in all it's lookup paths.
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 6.0)
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Victor Julien about 1 year ago
- Status changed from In Progress to In Review
Issue is addressed as part of a refactoring here https://github.com/OISF/suricata/pull/11122
Updated by Victor Julien about 1 year ago
- Severity changed from MODERATE to CRITICAL
Updated by Victor Julien about 1 year ago
- Status changed from In Review to Resolved
Fixed as part of the general cleanups in:
Updated by Victor Julien about 1 year ago
- Status changed from Resolved to Closed
Updated by Juliana Fajardini Reichow 23 days ago
- Private changed from Yes to No
Actions