Project

General

Profile

Actions
Copy link

Security #7195

closed

datasets: rule with unset makes suricata abort

Added by Philippe Antoine 3 months ago. Updated 16 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
Label:
CVE:
2024-45795
Git IDs:

e47598110a557bb9f87ea498d85ba91a45bb0cb6

Severity:
HIGH
Disclosure Date:

Description

Running SV datasets-03-set test with added rule

diff --git a/tests/datasets-03-set/test.rules b/tests/datasets-03-set/test.rules
index 1d99df9d..327c774a 100644
--- a/tests/datasets-03-set/test.rules
+++ b/tests/datasets-03-set/test.rules
@@ -1 +1,2 @@
 alert dns any any -> any any (dns.query; dataset:set,dns-seen, type string; sid:1;)
+alert dns any any -> any any (dns.query; content: "example"; dataset:unset,dns-seen, type string; sid:2;)

triggers the abort in DetectDatasetBufferMatch because we get DETECT_DATASET_CMD_UNSET

Subtasks 1 (0 open1 closed)

Security #7196: datasets: rule with unset makes suricata abort (7.0.x backport)ClosedPhilippe AntoineActions

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #5576: Dataset is setting data despite the signature being a complete matchIn ReviewPhilippe AntoineActions
Actions
Copy link

Also available in: Atom PDF