Security #6444: http1: quadratic complexity from infinite folded headers - Suricata - Open Information Security Foundation

Security #6444

Target version:

Affected Versions:

20ac301d801cdf01b3f021cca08a22a87f477c4a

Disclosure Date:

Description

POC to reproduce is

GET / HTTP/1.1
Host: localhost
Header: a
 b
 b
 b
 b

never stopping

lol.pcap (1.11 MB) lol.pcap

Philippe Antoine, 11/08/2023 08:55 AM

Subtasks 2 (0 open — 2 closed)

Also available in: Atom PDF