Project

General

Profile

Actions
Copy link

Bug #8465

closed
JI JI

config: use after free when include sequence redefines parent of dotted key

Bug #8465: config: use after free when include sequence redefines parent of dotted key

Added by Jason Ish about 1 month ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

For example, a suricata.yaml that loos like:

%YAML 1.1
---
outputs.x: val
include:
  - ./include.yaml

and include.yaml:
%YAML 1.1
---
outputs: []

The override cleaned up after itself, but the node is still marked a sequence.

Reported by: Trail of Bits, in collaboration with Anthropic

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #1

  • Description updated (diff)

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #2

  • Status changed from In Progress to In Review

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #3

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: PDF Atom