Project

General

Profile

Actions

Bug #1254

closed

sig parsing crash on malformed rev keyword

Added by Victor Julien about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

This sig leads to a segv:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"MALWARE-CNC Potential CnC Response DONE"; flow:established,to_client; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:"Content-Length|3A| 4|0D 0A|"; http_header; file_data; content:"DONE"; within:4; classtype:trojan-activity; sid:1769992; rev;1;)

Note: rev;1;, should be rev:1;

Actions

Also available in: Atom PDF