Project

General

Profile

Actions
Copy link

Security #7104

closed

http2: oom from duplicate headers

Added by Philippe Antoine about 1 year ago. Updated 10 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
Label:
CVE:
2024-38535
Git IDs:
Severity:
CRITICAL
Disclosure Date:
09/16/2024

Description

Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69680

Subtasks 2 (0 open2 closed)

Security #7105: http2: oom from duplicate headers (7.0.x backport)ClosedPhilippe AntoineActions
Security #7112: http2: oom from duplicate headers (6.0.x backport)ClosedPhilippe AntoineActions

Related issues 1 (0 open1 closed)

Related to Suricata - Security #6900: http2: timeout logging headersClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine about 1 year ago

Actions
Copy link
 #2

Updated by OISF Ticketbot about 1 year ago

  • Subtask #7105 added
Actions
Copy link
 #3

Updated by OISF Ticketbot about 1 year ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #4

Updated by Philippe Antoine about 1 year ago

  • Status changed from New to In Review

gitlab MR

Actions
Copy link
 #5

Updated by Victor Julien about 1 year ago

  • Severity changed from MODERATE to CRITICAL
Actions
Copy link
 #6

Updated by Victor Julien about 1 year ago

  • Label Needs backport to 6.0 added
Actions
Copy link
 #7

Updated by OISF Ticketbot about 1 year ago

  • Subtask #7112 added
Actions
Copy link
 #8

Updated by OISF Ticketbot about 1 year ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #10

Updated by Juliana Fajardini Reichow about 1 year ago

  • CVE set to 2024-38535
Actions
Copy link
 #11

Updated by Philippe Antoine about 1 year ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #12

Updated by Juliana Fajardini Reichow 10 days ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF