Project

General

Profile

Actions
Copy link

Security #6195

closed

process exit in hyperscan error handling

Added by Victor Julien over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
7.0.1
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
HIGH
Disclosure Date:

Description

A malformed rule can cause the process to exit due to hyperscan integration triggering a fatal error if hyperscan can't compile a pattern.

This can happen during a rule upgrade, which would exit the process. The process could then not start back up again until the offending rule is removed.

The issue would be mitigated by using a "test" step in the rule upgrade process. In this case the ruleset update would be rejected.

Subtasks 1 (0 open1 closed)

Security #6196: process exit in hyperscan error handling (6.0.x backport)ClosedVictor JulienActions

Related issues 1 (0 open1 closed)

Related to Suricata - Security #6122: lua: flag to disable lua supportClosedJason IshActions
Actions
Copy link

Also available in: Atom PDF