Project

General

Profile

Actions

Security #5921

closed

http1: configurable limit for maximum number of live transactions per flow

Added by Philippe Antoine over 1 year ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
Git IDs:

8f63a8f3bffbbaf8fae4985ee5f974ab326b08c0
4175680a8a1c0dfaa491ee63d6e36c011d498473

Severity:
CRITICAL
Disclosure Date:
12/25/2023

Description

Kind of found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55582

See also libhtp-rs oom


Subtasks 2 (0 open2 closed)

Security #6540: http1: configurable limit for maximum number of live transactions per flow (7.0.x backport)ClosedPhilippe AntoineActions
Security #6658: http1: configurable limit for maximum number of live transactions per flow (6.0.x backport)ClosedPhilippe AntoineActions

Related issues 2 (1 open1 closed)

Related to Suricata - Feature #2696: http: implement parser in rustIn ProgressPhilippe AntoineActions
Related to Suricata - Security #6299: mqtt pcap with anomalies takes too long to process because of app-layer-event detectionClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF