Actions
Security #7267
closedja4: non alphanumeric characters in alpn lead to panic
Git IDs:
1e152d1f1060a5afd39496d4f2556e7159cd22cc
Severity:
CRITICAL
Disclosure Date:
12/23/2024
Description
Found by oss-fuzz:
https://issues.oss-fuzz.com/issues/368729563
And we did not follow what the spec described for the case https://github.com/FoxIO-LLC/ja4/blob/main/technical_details/JA4.md#alpn-extension-value
Updated by Philippe Antoine 3 months ago
- Status changed from New to In Review
- Label Needs backport to 7.0 added
Gitlab MR
Updated by Philippe Antoine 3 months ago
Stack trace :
thread '<unnamed>' panicked at src/ja4.rs:265:16: source slice length (37) does not match destination slice length (36) #0 0x7adeac77f00b in raise /build/glibc-LcI20x/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1 #1 0x7adeac75e858 in abort /build/glibc-LcI20x/glibc-2.31/stdlib/abort.c:79:7 #2 0x5a3fa7ac8086 in std::sys::pal::unix::abort_internal::h6262fe410407344a /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/sys/pal/unix/mod.rs:371:14 #3 0x5a3fa7abdab8 in rust_panic /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/panicking.rs:834:5 #4 0x5a3fa7abd899 in std::panicking::rust_panic_with_hook::haac9f65a4111ce33 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/panicking.rs:803:5 #5 0x5a3fa7abd5a1 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h6a452ac7fecf7288 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/panicking.rs:659:13 #6 0x5a3fa7abaaa5 in std::sys_common::backtrace::__rust_end_short_backtrace::ha4c176c669fc3286 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/sys_common/backtrace.rs:171:18 #7 0x5a3fa7abd2f3 in rust_begin_unwind /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/panicking.rs:647:5 #8 0x5a3fa49e5fd4 in core::panicking::panic_fmt::hfae197985af26789 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/core/src/panicking.rs:72:14 #9 0x5a3fa49e66f1 in core::slice::_$LT$impl$u20$$u5b$T$u5d$$GT$::copy_from_slice::len_mismatch_fail::h75ad154f73fa60ec /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/core/src/slice/mod.rs:3597:13 #10 0x5a3fa5799db2 in core::slice::_$LT$impl$u20$$u5b$T$u5d$$GT$::copy_from_slice::h18261594c9e199d2 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/core/src/slice/mod.rs:3604:13 #11 0x5a3fa5799db2 in SCJA4GetHash suricata/rust/src/ja4.rs:265:5 #12 0x5a3fa4bcdb3c in GetData suricata/src/detect-ja4-hash.c:147:9 #13 0x5a3fa4b5efb3 in PrefilterMpm suricata/src/detect-engine-prefilter.c:727:32 #14 0x5a3fa4b58c9a in DetectRunPrefilterTx suricata/src/detect-engine-prefilter.c:125:9 #15 0x5a3fa4ff0818 in DetectRunTx suricata/src/detect.c:1466:13 #16 0x5a3fa4ff0818 in DetectRun suricata/src/detect.c:174:9 #17 0x5a3fa4febb78 in Detect suricata/src/detect.c:0 #18 0x5a3fa4c73ff5 in FlowWorker suricata/src/flow-worker.c:636:9 #19 0x5a3fa4ac19d9 in LLVMFuzzerTestOneInput suricata/src/tests/fuzz/fuzz_sigpcap_aware.c:179:13
Updated by Victor Julien 3 months ago
- Severity changed from MODERATE to CRITICAL
Updated by Juliana Fajardini Reichow 3 months ago
- CVE set to 2024-47522
Updated by Philippe Antoine 3 months ago
- Status changed from In Review to Closed
Actions