Project

General

Profile

Actions
Copy link

Security #7526

closed
PA PA

detect: infinite loop in DetectEngineContentInspectionInternal with negated pcre

Security #7526: detect: infinite loop in DetectEngineContentInspectionInternal with negated pcre

Added by Philippe Antoine about 1 year ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
Label:
CVE:
2025-29918
Git IDs:
Severity:
HIGH
Disclosure Date:
04/28/2025

Description

Found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/392180063

Reproducer rule is alert ip any any -> any any (pcre:!/weak"/.*bC/"; byte_extract:1,4,rpkt_len,relative; byte_jump:rpkt_len,0,relative; sid:1;

Files

infu.pcap (972 Bytes) infu.pcap Philippe Antoine, 01/28/2025 01:50 PM

Subtasks 1 (0 open1 closed)

Security #7527: detect: infinite loop with negated pcre and indefinite recursion limit setting (7.0.x backport)ClosedPhilippe AntoineActions
Actions
Copy link

Also available in: PDF Atom