Project

General

Profile

Actions
Copy link

Security #7289

closed
JF PA

http: missing hashtable random seed leads to potential DoS

Security #7289: http: missing hashtable random seed leads to potential DoS

Added by Juliana Fajardini Reichow over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
7.0.7
Affected Versions:
7.0.4, 7.0.5, 7.0.6
Label:
CVE:
2024-47188
Git IDs:

db5a7a2febf6a2a862809fabfd35d238d16d6386

Severity:
CRITICAL
Disclosure Date:

Description

Missing initialization of the random seed for "thash" leads to byte-range tracking having
predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket.

Related issues 1 (0 open1 closed)

Related to Suricata - Security #7209: thash: random factor not used; possible abusive hash collisionsClosedPhilippe AntoineActions

JF Updated by Juliana Fajardini Reichow over 1 year ago Actions
Copy link
 #1

  • Related to Security #7209: thash: random factor not used; possible abusive hash collisions added

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
 #2

  • Status changed from New to Resolved
  • Assignee changed from OISF Dev to Philippe Antoine

JF Updated by Juliana Fajardini Reichow over 1 year ago Actions
Copy link
 #3

  • Severity changed from HIGH to CRITICAL

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
 #5

  • Status changed from Resolved to Closed
  • Git IDs updated (diff)

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
 #6

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom