Security #5686: decoder/tunnel: tunnel depth not limited properly - Suricata - Open Information Security Foundation

Actions

Copy link

Security #5686

closed

decoder/tunnel: tunnel depth not limited properly

Added by Victor Julien almost 2 years ago. Updated over 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

7.0.0-rc1

Affected Versions:

Label:

CVE:

Git IDs:

03d049dadce71b5e751dddd3bfddd3a2ccf7a21d

Severity:

HIGH

Disclosure Date:

Description

Stacking many layers of IPv4 in IPv4, IPv6 over IPv4, etc results in severe performance degradation, possibly other problems.

Some of these layers will get their own flow tracking, so a single packet might create many flows, each leading to locking overhead, timeout handling, eve.flow records, etc.

Subtasks 1 (0 open — 1 closed)

Actions

Copy link

Updated by Victor Julien almost 2 years ago

Subtask #5688 added

Actions

Copy link

Updated by Victor Julien almost 2 years ago

Label deleted (~~Needs backport to 6.0~~)

Actions

Copy link

Updated by Victor Julien almost 2 years ago

Status changed from In Progress to In Review

Actions

Copy link

Updated by Victor Julien almost 2 years ago

Status changed from In Review to Closed
Git IDs updated (diff)

https://github.com/OISF/suricata/pull/8218/commits/03d049dadce71b5e751dddd3bfddd3a2ccf7a21d

Actions

Copy link

Updated by Victor Julien over 1 year ago

Private changed from Yes to No

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #5686

decoder/tunnel: tunnel depth not limited properly

Updated by Victor Julien almost 2 years ago

Updated by Victor Julien almost 2 years ago

Updated by Victor Julien almost 2 years ago

Updated by Victor Julien almost 2 years ago

Updated by Victor Julien over 1 year ago