Project

General

Profile

Actions

Security #7267

closed

ja4: non alphanumeric characters in alpn lead to panic

Added by Philippe Antoine 3 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
Git IDs:

1e152d1f1060a5afd39496d4f2556e7159cd22cc

Severity:
CRITICAL
Disclosure Date:
12/23/2024

Description


Subtasks 1 (0 open1 closed)

Security #7268: ja4: non alphanumeric characters in alpn lead to panic (7.0.x backport)ClosedPhilippe AntoineActions
Actions #1

Updated by OISF Ticketbot 3 months ago

  • Subtask #7268 added
Actions #2

Updated by OISF Ticketbot 3 months ago

  • Label deleted (Needs backport to 7.0)
Actions #3

Updated by Philippe Antoine 3 months ago

  • Status changed from New to In Review
  • Label Needs backport to 7.0 added

Gitlab MR

Actions #4

Updated by Philippe Antoine 3 months ago

  • Label deleted (Needs backport to 7.0)
Actions #5

Updated by Philippe Antoine 3 months ago

Stack trace :

thread '<unnamed>' panicked at src/ja4.rs:265:16:
source slice length (37) does not match destination slice length (36)

    #0 0x7adeac77f00b in raise /build/glibc-LcI20x/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7adeac75e858 in abort /build/glibc-LcI20x/glibc-2.31/stdlib/abort.c:79:7
    #2 0x5a3fa7ac8086 in std::sys::pal::unix::abort_internal::h6262fe410407344a /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/sys/pal/unix/mod.rs:371:14
    #3 0x5a3fa7abdab8 in rust_panic /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/panicking.rs:834:5
    #4 0x5a3fa7abd899 in std::panicking::rust_panic_with_hook::haac9f65a4111ce33 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/panicking.rs:803:5
    #5 0x5a3fa7abd5a1 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h6a452ac7fecf7288 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/panicking.rs:659:13
    #6 0x5a3fa7abaaa5 in std::sys_common::backtrace::__rust_end_short_backtrace::ha4c176c669fc3286 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/sys_common/backtrace.rs:171:18
    #7 0x5a3fa7abd2f3 in rust_begin_unwind /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/std/src/panicking.rs:647:5
    #8 0x5a3fa49e5fd4 in core::panicking::panic_fmt::hfae197985af26789 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/core/src/panicking.rs:72:14
    #9 0x5a3fa49e66f1 in core::slice::_$LT$impl$u20$$u5b$T$u5d$$GT$::copy_from_slice::len_mismatch_fail::h75ad154f73fa60ec /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/core/src/slice/mod.rs:3597:13
    #10 0x5a3fa5799db2 in core::slice::_$LT$impl$u20$$u5b$T$u5d$$GT$::copy_from_slice::h18261594c9e199d2 /rustc/1a648b397dedc98ada3dd3360f6d661ec2436c56/library/core/src/slice/mod.rs:3604:13
    #11 0x5a3fa5799db2 in SCJA4GetHash suricata/rust/src/ja4.rs:265:5
    #12 0x5a3fa4bcdb3c in GetData suricata/src/detect-ja4-hash.c:147:9
    #13 0x5a3fa4b5efb3 in PrefilterMpm suricata/src/detect-engine-prefilter.c:727:32
    #14 0x5a3fa4b58c9a in DetectRunPrefilterTx suricata/src/detect-engine-prefilter.c:125:9
    #15 0x5a3fa4ff0818 in DetectRunTx suricata/src/detect.c:1466:13
    #16 0x5a3fa4ff0818 in DetectRun suricata/src/detect.c:174:9
    #17 0x5a3fa4febb78 in Detect suricata/src/detect.c:0
    #18 0x5a3fa4c73ff5 in FlowWorker suricata/src/flow-worker.c:636:9
    #19 0x5a3fa4ac19d9 in LLVMFuzzerTestOneInput suricata/src/tests/fuzz/fuzz_sigpcap_aware.c:179:13

Actions #6

Updated by Victor Julien 3 months ago

  • Severity changed from MODERATE to CRITICAL
Actions #9

Updated by Philippe Antoine 3 months ago

  • Git IDs updated (diff)
Actions #10

Updated by Victor Julien 2 months ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF