Bug #7814: detect/entropy: entropy values can be overwritten - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7814

open

detect/entropy: entropy values can be overwritten

Added by Jeff Lucovsky about 2 months ago. Updated 17 days ago.

Status:

In Review

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

TBD

Affected Versions:

8.0.0

Effort:

Difficulty:

Label:

Description

Entropy values are stored as flow variables with a name formed from the anchoring sticky buffer. When multiple rules use entropy with the same sticky buffer, values will be stored in a single variable (only one value is stored).

Unique names should be used to avoid overwriting values by combining a per-rule value with the sticky buffer, such as the signature id.

History
Notes
Property changes

Actions

Copy link

Updated by Philippe Antoine about 1 month ago

Affected Versions 8.0.0 added
Affected Versions deleted (~~8.0.1~~)

Actions

Copy link

Updated by Victor Julien 17 days ago

Status changed from New to In Review

https://github.com/OISF/suricata/pull/13621

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7814

detect/entropy: entropy values can be overwritten

Updated by Philippe Antoine about 1 month ago

Updated by Victor Julien 17 days ago