Security #7195: datasets: rule with unset makes suricata abort - Suricata - Open Information Security Foundation

Actions

Copy link

Security #7195

closed

datasets: rule with unset makes suricata abort

Added by Philippe Antoine 3 months ago. Updated 1 day ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

Label:

CVE:

2024-45795

Git IDs:

e47598110a557bb9f87ea498d85ba91a45bb0cb6

Severity:

HIGH

Disclosure Date:

Description

Running SV datasets-03-set test with added rule

diff --git a/tests/datasets-03-set/test.rules b/tests/datasets-03-set/test.rules
index 1d99df9d..327c774a 100644
--- a/tests/datasets-03-set/test.rules
+++ b/tests/datasets-03-set/test.rules
@@ -1 +1,2 @@
 alert dns any any -> any any (dns.query; dataset:set,dns-seen, type string; sid:1;)
+alert dns any any -> any any (dns.query; content: "example"; dataset:unset,dns-seen, type string; sid:2;)

triggers the abort in DetectDatasetBufferMatch because we get DETECT_DATASET_CMD_UNSET

Subtasks 1 (0 open — 1 closed)

Related issues 1 (1 open — 0 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #7195

datasets: rule with unset makes suricata abort

Updated by Philippe Antoine 3 months ago

Updated by OISF Ticketbot 3 months ago

Updated by OISF Ticketbot 3 months ago

Updated by Philippe Antoine 3 months ago

Updated by Philippe Antoine about 2 months ago

Updated by Victor Julien about 1 month ago

Updated by Juliana Fajardini Reichow about 1 month ago

Updated by Philippe Antoine 24 days ago

Updated by Philippe Antoine 22 days ago

Updated by Philippe Antoine 17 days ago

Updated by Victor Julien 2 days ago

Updated by Philippe Antoine 1 day ago