Security #6669: ip defrag: re-assembly error in bsd policy - Suricata - Open Information Security Foundation

Actions

Copy link

Security #6669

closed

ip defrag: re-assembly error in bsd policy

Added by Jason Ish 10 months ago. Updated 5 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

8.0.0-beta1

Affected Versions:

6.0.15, 7.0.2

Label:

CVE:

2024-32867

Git IDs:

f1709ea551124e1a64fdc509993ad022ab27aa77

Severity:

MODERATE

Disclosure Date:

Description

Given a subsequent fragment that starts before an original fragment, and overlaps the beginning of the original fragment, Suricata has been preferring the data from the original fragment.

However, per the Novak-Sturges paper, the original fragment data should only be preferred if it has an offset <= to the new fragment.

Fix is to use the data from the new fragment if it has an offset less than the offset of the original fragment.

This is covered in the test bsd/peose/test9.

Subtasks 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #6669

ip defrag: re-assembly error in bsd policy

Updated by OISF Ticketbot 10 months ago

Updated by OISF Ticketbot 10 months ago

Updated by OISF Ticketbot 10 months ago

Updated by OISF Ticketbot 10 months ago

Updated by Jason Ish 10 months ago

Updated by Jason Ish 7 months ago

Updated by Jason Ish 7 months ago

Updated by Victor Julien 6 months ago

Updated by Victor Julien 6 months ago

Updated by Victor Julien 6 months ago

Updated by Victor Julien 5 months ago