Project

General

Profile

Actions

Security #7289

closed

http: missing hashtable random seed leads to potential DoS

Added by Juliana Fajardini Reichow 3 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
Git IDs:

db5a7a2febf6a2a862809fabfd35d238d16d6386

Severity:
CRITICAL
Disclosure Date:

Description

Missing initialization of the random seed for "thash" leads to byte-range tracking having
predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket.


Related issues 1 (0 open1 closed)

Related to Suricata - Security #7209: thash: random factor not used; possible abusive hash collisionsClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF