Project

General

Profile

Bug #3783

Updated by Antti Tönkyrä over 4 years ago

When doing torture tests, I discovered a stack overflow in DetectFlowbitsAnalyze. I have made a PR to github @ https://github.com/OISF/suricata/pull/5102 

 Overflow happens when number of flowbits is sufficiently large which in turn causes array containing FBAnalyze structs to be greater than stack size. 

 Changeset should apply cleanly to 5.x too.

Back