Security #7465: ldap: bound of number of transactions is not fully enforced - Suricata - Open Information Security Foundation

Actions

Copy link

Security #7465

closed

ldap: bound of number of transactions is not fully enforced

Added by Philippe Antoine 7 months ago. Updated 3 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

Label:

CVE:

Git IDs:

Severity:

MODERATE

Disclosure Date:

03/17/2025

Description

Found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/383880390

No need to backport as only in 8

If a 1 Mbyte chunk is parsed in one go, we can create many transactions, and have quadratic complexity with find_request

Actions

Copy link

Updated by Philippe Antoine 7 months ago

Status changed from New to In Review

https://github.com/OISF/suricata/pull/12295

Actions

Copy link

Updated by Philippe Antoine 6 months ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/12354

Actions

Copy link

Updated by Juliana Fajardini Reichow 3 days ago

Private changed from Yes to No

Making public as per the disclosure date.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #7465

ldap: bound of number of transactions is not fully enforced

Updated by Philippe Antoine 7 months ago

Updated by Philippe Antoine 6 months ago

Updated by Juliana Fajardini Reichow 3 days ago