Bug #7814: detect/entropy: entropy values can be overwritten

Added by Jeff Lucovsky 12 months ago. Updated 2 months ago.

Status: In Review
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Entropy values are stored as flow variables with a name formed from the anchoring sticky buffer. When multiple rules use entropy with the same sticky buffer, values will be stored in a single variable (only one value is stored).

Unique names should be used to avoid overwriting values by combining a per-rule value with the sticky buffer, such as the signature id.
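
A minimal model of the collision described above, added here as an illustration and not taken from Suricata's code. The variable name formats, rule fields and sample buffer are constructed assumptions; only the idea of combining the sticky buffer with the signature id comes from the report.

```python
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

# Constructed rules: both anchor entropy on the same sticky buffer but
# inspect different byte windows of it.
RULES = [
    {"sid": 1000001, "buffer": "http.uri", "offset": 0, "bytes": 8},
    {"sid": 1000002, "buffer": "http.uri", "offset": 8, "bytes": 16},
]

# Constructed buffer content: a low-entropy prefix, then 16 distinct bytes.
SAMPLE = {"http.uri": b"/aaaaaaa" + b"Zx9Q2kLm7Pq4Rt8V"}

def name_by_buffer(rule):
    # Behaviour described in the report: the name depends on the buffer only.
    # The exact format is hypothetical.
    return f"{rule['buffer']}_entropy"

def name_by_buffer_and_sid(rule):
    # Direction proposed in the report: add a per-rule value, here the sid.
    # The exact format is hypothetical.
    return f"{rule['buffer']}_entropy_{rule['sid']}"

def run_rules(buffers, naming):
    """Evaluate every rule and store its entropy as a flow variable."""
    flowvars = {}
    for rule in RULES:
        data = buffers[rule["buffer"]]
        window = data[rule["offset"]:rule["offset"] + rule["bytes"]]
        flowvars[naming(rule)] = shannon_entropy(window)
    return flowvars

if __name__ == "__main__":
    print("buffer-only names:", run_rules(SAMPLE, name_by_buffer))
    print("buffer+sid names: ", run_rules(SAMPLE, name_by_buffer_and_sid))
```

With buffer-only names the value from the first rule is silently replaced by the second, so anything that later reads the variable sees the wrong rule's entropy.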


Related issues 1 (1 open, 0 closed)

Blocked by Suricata - Optimization #4707: detect: unify internal buffer names to use <proto>.<buffer> naming (Assigned, Victor Julien)

Updated by Philippe Antoine 12 months ago #1

  • Affected Versions 8.0.0 added
  • Affected Versions deleted (8.0.1)

Updated by Victor Julien 11 months ago #2

  • Status changed from New to In Review

Updated by Philippe Antoine 2 months ago #3

  • Target version changed from TBD to 9.0.0-beta1

Updated by Philippe Antoine 19 days ago #4

  • Blocked by Optimization #4707: detect: unify internal buffer names to use <proto>.<buffer> naming added