Security #5926
closedhttp2: evasion by splitting header fields over frames
aff54f29f8c3f583ae0524a661aa90dc7a2d3f92
Description
Beginning in a headers frame, and continuing in so-called continuation frames, with reassembly needed to be done...
Then, we need to avoid quadratic complexity of Huffman decoding as golang CVE 2023-1571
Files
Updated by Philippe Antoine over 1 year ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Philippe Antoine about 1 year ago
- Priority changed from Normal to Low
Updated by Philippe Antoine about 1 year ago
Attaching a sample pcap
There should be no anomaly and we should have the request header namenamenamenamenamenamenamenamenamename: valuevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevaluevalue
Updated by Philippe Antoine 11 months ago
- Tracker changed from Bug to Security
- Severity set to MODERATE
Evasion is a security issue, right ? Which severity ?
An attacker can hide its HTTP2 headers to Suricata now...
Updated by Philippe Antoine 11 months ago
Jason Ish wrote in #note-7:
Philippe: Are backports required?
I guess so.
That depends if this is assessed a security issue versus an evasion or a feature...
Updated by Philippe Antoine 11 months ago
- Status changed from In Review to Closed
- Git IDs updated (diff)
Updated by Philippe Antoine 11 months ago
- Severity changed from MODERATE to HIGH
not critical because does not fit
evasions with a wide scope are considered to be in-scope
But High as Tier 1