Bug #4477

closed

Infinite loops in when using InspectionBufferMultipleForList

Added by Philippe Antoine over 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal

Description

From https://github.com/OISF/suricata/pull/5622#discussion_r626686822

POC is in #4476 once the buffer overflow gets fixed

Root cause is integer loss of precision casting local_id to uint16_t when there can be more than 65536 buffers in a transaction

This may not be the case for dns.query as the maximum PDU length is 65536
But this is definitely the case for MQTT (subscribe topics) where Suricata default maximum PDU is 1Mbyte
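
The truncation described in this report, as an added example that is not part of the original report and is not Suricata code. It is a simplified model in which `Tx`, `get_buffer_u16`, `get_buffer_u32`, `walk` and the buffer counts are hypothetical, and a step budget stands in for a loop that never terminates:

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not Suricata code: a transaction holding n_buffers
 * items, fetched one at a time by index until the getter returns NULL. */
typedef struct { uint32_t n_buffers; } Tx;          /* hypothetical type */
static const char item[] = "topic";                 /* constructed sample data */

/* Buggy getter: the index is narrowed to 16 bits, so 65536 wraps to 0. */
static const char *get_buffer_u16(const Tx *tx, uint16_t id)
{
    return id < tx->n_buffers ? item : NULL;
}

/* Fixed getter: the index keeps its full 32-bit width. */
static const char *get_buffer_u32(const Tx *tx, uint32_t id)
{
    return id < tx->n_buffers ? item : NULL;
}

/* Walk all buffers the way an inspection loop would. Returns the number of
 * buffers visited, or 0 if the loop was still running after max_steps. */
static uint32_t walk(const Tx *tx, int use_u16, uint32_t max_steps)
{
    uint32_t local_id = 0;
    while (local_id < max_steps) {
        const char *b = use_u16 ? get_buffer_u16(tx, (uint16_t)local_id)
                                : get_buffer_u32(tx, local_id);
        if (b == NULL)
            return local_id;        /* clean end of list */
        local_id++;
    }
    return 0;                       /* step budget exhausted */
}

int main(void)
{
    Tx small = { 1000 }, large = { 70000 };   /* constructed counts */
    const uint32_t budget = 1000000;
    printf("u16, 1000 buffers:  %u\n", (unsigned)walk(&small, 1, budget));
    printf("u16, 70000 buffers: %u (0 = did not terminate)\n",
           (unsigned)walk(&large, 1, budget));
    printf("u32, 70000 buffers: %u\n", (unsigned)walk(&large, 0, budget));
    return 0;
}
```

With the 16-bit index the end-of-list condition can never be reached once the count exceeds what the index can represent, so the only exit is the budget; keeping the index at full width restores termination.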


Related issues 3 (0 open, 3 closed)

  • Related to Suricata - Bug #4476: heap-buffer-overflow WRITE in InspectionBufferSetup with use of InspectionBufferGetMulti (Closed, Philippe Antoine)
  • Copied to Suricata - Security #4484: Infinite loops in when using InspectionBufferMultipleForList (Closed, Shivani Bhardwaj)
  • Copied to Suricata - Security #4486: Infinite loops in when using InspectionBufferMultipleForList (Closed, Jeff Lucovsky)

#1

Updated by Philippe Antoine over 3 years ago

  • Status changed from New to In Review

Gitlab

#2

Updated by Jeff Lucovsky over 3 years ago

  • Copied to Security #4484: Infinite loops in when using InspectionBufferMultipleForList added
#3

Updated by Jeff Lucovsky over 3 years ago

  • Copied to Security #4486: Infinite loops in when using InspectionBufferMultipleForList added
#4

Updated by Philippe Antoine over 3 years ago

  • Parent task deleted (#4476)
#5

Updated by Philippe Antoine over 3 years ago

  • Related to Bug #4476: heap-buffer-overflow WRITE in InspectionBufferSetup with use of InspectionBufferGetMulti added
#7

Updated by Victor Julien almost 3 years ago

  • Private changed from Yes to No