Security #5686

closed

decoder/tunnel: tunnel depth not limited properly

Added by Victor Julien almost 2 years ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Label:
CVE:
Git IDs: 03d049dadce71b5e751dddd3bfddd3a2ccf7a21d
Severity: HIGH
Disclosure Date:

Description

Stacking many layers of IPv4 in IPv4, IPv6 over IPv4, etc. results in severe performance degradation, and possibly other problems.

Some of these layers will get their own flow tracking, so a single packet might create many flows, each leading to locking overhead, timeout handling, eve.flow records, etc.
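A depth-bounded walk over stacked IP-in-IP headers, as an added example that is not Suricata's code and not the fix in the commit referenced above. The function names, the `MAX_TUNNEL_DEPTH` value and the sample builder are hypothetical, and IPv6 extension headers are not walked.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TUNNEL_DEPTH 4  /* hypothetical limit, not Suricata's value */
#define PROTO_IPIP 4        /* IPv4 carried in IP */
#define PROTO_IPV6 41       /* IPv6 carried in IP */

/* Returns the tunnel layer count (0 = plain packet), -1 on a truncated or
 * malformed header chain, -2 once nesting exceeds max_depth. */
int count_tunnel_layers(const uint8_t *p, size_t len, int max_depth)
{
    int depth = 0;
    for (;;) {                       /* iterative: no recursion per layer */
        size_t hlen;
        uint8_t next;
        if (len >= 20 && (p[0] >> 4) == 4) {
            hlen = (size_t)(p[0] & 0x0f) * 4;
            if (hlen < 20 || len < hlen) return -1;
            next = p[9];
        } else if (len >= 40 && (p[0] >> 4) == 6) {
            hlen = 40;               /* fixed header only, no extension headers */
            next = p[6];
        } else {
            return -1;
        }
        if (next != PROTO_IPIP && next != PROTO_IPV6) return depth;
        if (++depth > max_depth) return -2;  /* refuse before descending */
        p += hlen;
        len -= hlen;
    }
}

/* Constructed sample input: `layers` IPv4-in-IPv4 tunnels, innermost proto UDP. */
size_t build_ipip(uint8_t *buf, size_t cap, int layers)
{
    size_t need = (size_t)(layers + 1) * 20, off;
    if (cap < need) return 0;
    memset(buf, 0, need);
    for (off = 0; off < need; off += 20) {
        buf[off] = 0x45;                                    /* version 4, IHL 5 */
        buf[off + 9] = (off + 20 < need) ? PROTO_IPIP : 17; /* 17 = UDP */
    }
    return need;
}
```

A decoder would run a check like this before handing an inner header to flow tracking, so a packet that returns -2 produces one event rather than one flow per layer.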


Subtasks: 1 (0 open, 1 closed)

Security #5688: decoder/tunnel: tunnel depth not limited properly (6.0.x backport) | Closed | Victor Julien