Project

General

Profile

Actions
Copy link

Security #5399

closed

mqtt: DOS by quadratic with too many transactions in one parse

Added by Philippe Antoine over 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
OISF Dev
Target version:
7.0.0-beta1
Affected Versions:
6.0.5
Label:
CVE:
Git IDs:
Severity:
MODERATE
Disclosure Date:

Subtasks 1 (0 open1 closed)

Security #5430: mqtt: DOS by quadratic with too many transactions in one parse (6.0.x backport)ClosedJeff LucovskyActions

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #4530: DOS Quadratic complexity when having too many transactionsClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine over 2 years ago

  • Status changed from New to Assigned
  • Target version changed from TBD to 7.0.0-beta1
  • Affected Versions 6.0.5 added
  • Label Needs backport, Needs backport to 6.0 added

Fouad by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47934

One transaction is created out of 2 bytes when calling parsing with a 400 000 bytes input

Actions
Copy link
 #2

Updated by Philippe Antoine over 2 years ago

  • Related to Bug #4530: DOS Quadratic complexity when having too many transactions added
Actions
Copy link
 #3

Updated by Philippe Antoine over 2 years ago

  • Status changed from Assigned to In Review

Gitlab

Actions
Copy link
 #4

Updated by Victor Julien over 2 years ago

  • Label deleted (Needs backport, Needs backport to 6.0)
Actions
Copy link
 #5

Updated by Victor Julien about 2 years ago

  • Tracker changed from Bug to Security
  • Severity set to MODERATE
Actions
Copy link
 #6

Updated by Philippe Antoine about 2 years ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #7

Updated by Philippe Antoine about 2 years ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #8

Updated by Victor Julien almost 2 years ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF