Project

General

Profile

Actions
Copy link

Security #4420

closed

Heap-use-after-free READ 8 · JsonDNP3LoggerToClient

Added by Jeff Lucovsky over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
6.0.3
Affected Versions:
6.0.2
Label:
CVE:
Git IDs:
Severity:
Disclosure Date:

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31549

Use after realloc
DNP3 seems the only one to use OutputJsonBuilderBuffer dangerously

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4387: Heap-use-after-free READ 8 · JsonDNP3LoggerToClientClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Jeff Lucovsky over 3 years ago

  • Copied from Bug #4387: Heap-use-after-free READ 8 · JsonDNP3LoggerToClient added
Actions
Copy link
 #2

Updated by Jason Ish over 3 years ago

The commit's to master are not applicable to 6.0 as master was fixed due to some other refactoring. For 6.0.x we can use Philippe's original fix for this issue:

https://gitlab.oisf.net/dev/suricata/-/merge_requests/184/diffs?commit_id=29337c81b072e8c6e23c4926e2d819eeb75ceb32

Actions
Copy link
 #4

Updated by Jason Ish over 3 years ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #5

Updated by Shivani Bhardwaj over 3 years ago

  • Assignee changed from Shivani Bhardwaj to Jason Ish
Actions
Copy link
 #6

Updated by Victor Julien over 3 years ago

  • Tracker changed from Bug to Security
Actions
Copy link
 #7

Updated by Victor Julien over 3 years ago

  • Status changed from In Review to Closed
Actions
Copy link
 #8

Updated by Victor Julien about 3 years ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF