Actions
Bug #7552
closedapp-layer: misdetection if response is seen first without request
Description
Transaction gets cleaned by AppLayerParserTransactionsCleanup before detection is run in the to_client direction when stream.midstream=true and first packet is to client dir.
Found in: https://github.com/OISF/suricata-verify/pull/2282
The next step is find a pcap to reproduce the bug
Updated by Alice da Silva Akaki 8 months ago
- Affected Versions 7.0.8, git main added
- Label Needs backport to 7.0 added
Updated by Alice da Silva Akaki 8 months ago
S-V tests that indicate the bug
https://github.com/OISF/suricata-verify/pull/2292
Updated by Shivani Bhardwaj 8 months ago
- Subject changed from detect: flags not set to client dir if midsteam==true and 1st packet to client to applayer: misdetection if response is seen first without request
Updated by Philippe Antoine 7 months ago
- Status changed from New to In Review
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Philippe Antoine 7 months ago
- Status changed from In Review to Resolved
Updated by Victor Julien 6 months ago
- Subject changed from applayer: misdetection if response is seen first without request to app-layer: misdetection if response is seen first without request
Actions