Project

General

Profile

Bug #3783

Updated by Antti Tönkyrä 11 months ago

When doing torture tests, I discovered a stack overflow in DetectFlowbitsAnalyze. I have made a PR to github @ https://github.com/OISF/suricata/pull/5103 https://github.com/OISF/suricata/pull/5102 

 Overflow happens when number of flowbits is sufficiently large which in turn causes array containing FBAnalyze structs to be greater than stack size. 

 Changeset should apply cleanly to 5.x too.

Back