Bug #5192: SSL : over allocation for certificates - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5192

closed

SSL : over allocation for certificates

Added by Shivani Bhardwaj over 2 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

6.0.5

Affected Versions:

6.0.4

Effort:

Difficulty:

Label:

Description

Found by Coverity

Untrusted allocation size (TAINTED_SCALAR)

in curr_connp->trec = SCMalloc(curr_connp->trec_len); where trec_len is a u24 read from the network, so suricata can call malloc with up to 16Mbytes even if there is no data yet to fill them...

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by Shivani Bhardwaj over 2 years ago

Copied from Bug #5188: SSL : over allocation for certificates added

Actions

Copy link

Updated by Shivani Bhardwaj over 2 years ago

Status changed from Assigned to In Review

Actions

Copy link

Updated by Shivani Bhardwaj over 2 years ago

Status changed from In Review to Closed

Closed by: https://github.com/OISF/suricata/pull/7206

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5192

SSL : over allocation for certificates

Updated by Shivani Bhardwaj over 2 years ago

Updated by Shivani Bhardwaj over 2 years ago

Updated by Shivani Bhardwaj over 2 years ago