Security #7289: http: missing hashtable random seed leads to potential DoS - Suricata - Open Information Security Foundation

Actions

Copy link

Security #7289

closed

http: missing hashtable random seed leads to potential DoS

Added by Juliana Fajardini Reichow 21 days ago. Updated 2 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.7

Affected Versions:

7.0.4, 7.0.5, 7.0.6

Label:

CVE:

2024-47188

Git IDs:

db5a7a2febf6a2a862809fabfd35d238d16d6386

Severity:

CRITICAL

Disclosure Date:

Description

Missing initialization of the random seed for "thash" leads to byte-range tracking having
predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket.

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #7289

http: missing hashtable random seed leads to potential DoS

Updated by Juliana Fajardini Reichow 21 days ago

Updated by Victor Julien 21 days ago

Updated by Juliana Fajardini Reichow 21 days ago

Updated by Juliana Fajardini Reichow 21 days ago

Updated by Victor Julien 17 days ago

Updated by Victor Julien 2 days ago