Security #7209: thash: random factor not used; possible abusive hash collisions - Suricata - Open Information Security Foundation

Custom queries

8.0.0 Stories
Good First Issues
OISF community

Actions

Copy link

Security #7209

closed

thash: random factor not used; possible abusive hash collisions

Added by Jason Ish 2 months ago. Updated 2 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

7.0.6, git master

Label:

CVE:

2024-47187

Git IDs:

26da953f6dad3793d29f27ce7ab6628a2db8f471

Severity:

CRITICAL

Disclosure Date:

Description

util-thash.c initializes a random factor, however, this is not used. I suspect the intention was to introduce some randomness.

Subtasks 1 (0 open — 1 closed)

Security #7258: thash: random factor not used; possible abusive hash collisions (7.0.x backport)

Closed

Philippe Antoine

Actions

Related issues 2 (1 open — 1 closed)

	Related to Suricata - Optimization #3322: Use standard CRC32 for hash-like functions	New	Community Ticket				Actions
	Related to Suricata - Security #7289: http: missing hashtable random seed leads to potential DoS	Closed	Philippe Antoine				Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by Philippe Antoine 2 months ago

cf usage of StringHashDjb2 in ContainerUrlRangeHash, network traffic induced

Actions

Copy link

Updated by Philippe Antoine 2 months ago

cf https://github.com/golang/go/issues/2630

Actions

Copy link

Updated by Victor Julien about 1 month ago

Label Needs backport to 7.0 added

Actions

Copy link

Updated by Victor Julien about 1 month ago

Target version changed from TBD to 8.0.0-beta1

Actions

Copy link

Updated by OISF Ticketbot about 1 month ago

Subtask #7258 added

Actions

Copy link

Updated by OISF Ticketbot about 1 month ago

Label deleted (~~Needs backport to 7.0~~)

Actions

Copy link

Updated by Philippe Antoine 26 days ago

git grep 5381 shows a lot of redefinition of StringHashDjb2

Actions

Copy link

Updated by Philippe Antoine 26 days ago

Status changed from New to In Review

Gitlab POC

Actions

Copy link

Updated by Philippe Antoine 25 days ago

Related to Optimization #3322: Use standard CRC32 for hash-like functions added

Actions

Copy link

#10

Updated by Victor Julien 25 days ago

Tracker changed from Bug to Security
Assignee changed from OISF Dev to Philippe Antoine
Severity set to CRITICAL

Actions

Copy link

#11

Updated by Juliana Fajardini Reichow 21 days ago

Related to Security #7289: http: missing hashtable random seed leads to potential DoS added

Actions

Copy link

#12

Updated by Juliana Fajardini Reichow 21 days ago

CVE set to 2024-47187

https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p

Actions

Copy link

#13

Updated by Philippe Antoine 17 days ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/commit/26da953f6dad3793d29f27ce7ab6628a2db8f471

Actions

Copy link

#14

Updated by Philippe Antoine 17 days ago

Git IDs updated (diff)

Actions

Copy link

#15

Updated by Victor Julien 2 days ago

Private changed from Yes to No

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #7209

thash: random factor not used; possible abusive hash collisions

Updated by Philippe Antoine 2 months ago

Updated by Philippe Antoine 2 months ago

Updated by Victor Julien about 1 month ago

Updated by Victor Julien about 1 month ago

Updated by OISF Ticketbot about 1 month ago

Updated by OISF Ticketbot about 1 month ago

Updated by Philippe Antoine 26 days ago

Updated by Philippe Antoine 26 days ago

Updated by Philippe Antoine 25 days ago

Updated by Victor Julien 25 days ago

Updated by Juliana Fajardini Reichow 21 days ago

Updated by Juliana Fajardini Reichow 21 days ago

Updated by Philippe Antoine 17 days ago

Updated by Philippe Antoine 17 days ago

Updated by Victor Julien 2 days ago