Security #7209: thash: random factor not used; possible abusive hash collisions - Suricata - Open Information Security Foundation

Custom queries

8.0.0 Stories
Good First Issues
OISF community

Actions

Copy link

Security #7209

closed

thash: random factor not used; possible abusive hash collisions

Added by Jason Ish 3 months ago. Updated 16 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

7.0.6, git master

Label:

CVE:

2024-47187

Git IDs:

26da953f6dad3793d29f27ce7ab6628a2db8f471

Severity:

CRITICAL

Disclosure Date:

Description

util-thash.c initializes a random factor, however, this is not used. I suspect the intention was to introduce some randomness.

Subtasks 1 (0 open — 1 closed)

Security #7258: thash: random factor not used; possible abusive hash collisions (7.0.x backport)

Closed

Philippe Antoine

Actions

Related issues 2 (1 open — 1 closed)

	Related to Suricata - Optimization #3322: Use standard CRC32 for hash-like functions	New	Community Ticket				Actions
	Related to Suricata - Security #7289: http: missing hashtable random seed leads to potential DoS	Closed	Philippe Antoine				Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by Philippe Antoine 3 months ago

cf usage of StringHashDjb2 in ContainerUrlRangeHash, network traffic induced

Actions

Copy link

Updated by Philippe Antoine 3 months ago

cf https://github.com/golang/go/issues/2630

Actions

Copy link

Updated by Victor Julien about 1 month ago

Label Needs backport to 7.0 added

Actions

Copy link

Updated by Victor Julien about 1 month ago

Target version changed from TBD to 8.0.0-beta1

Actions

Copy link

Updated by OISF Ticketbot about 1 month ago

Subtask #7258 added

Actions

Copy link

Updated by OISF Ticketbot about 1 month ago

Label deleted (~~Needs backport to 7.0~~)

Actions

Copy link

Updated by Philippe Antoine about 1 month ago

git grep 5381 shows a lot of redefinition of StringHashDjb2

Actions

Copy link

Updated by Philippe Antoine about 1 month ago

Status changed from New to In Review

Gitlab POC

Actions

Copy link

Updated by Philippe Antoine about 1 month ago

Related to Optimization #3322: Use standard CRC32 for hash-like functions added

Actions

Copy link

#10

Updated by Victor Julien about 1 month ago

Tracker changed from Bug to Security
Assignee changed from OISF Dev to Philippe Antoine
Severity set to CRITICAL

Actions

Copy link

#11

Updated by Juliana Fajardini Reichow about 1 month ago

Related to Security #7289: http: missing hashtable random seed leads to potential DoS added

Actions

Copy link

#12

Updated by Juliana Fajardini Reichow about 1 month ago

CVE set to 2024-47187

https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p

Actions

Copy link

#13

Updated by Philippe Antoine about 1 month ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/commit/26da953f6dad3793d29f27ce7ab6628a2db8f471

Actions

Copy link

#14

Updated by Philippe Antoine about 1 month ago

Git IDs updated (diff)

Actions

Copy link

#15

Updated by Victor Julien 16 days ago

Private changed from Yes to No

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #7209

thash: random factor not used; possible abusive hash collisions

Updated by Philippe Antoine 3 months ago

Updated by Philippe Antoine 3 months ago

Updated by Victor Julien about 1 month ago

Updated by Victor Julien about 1 month ago

Updated by OISF Ticketbot about 1 month ago

Updated by OISF Ticketbot about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Victor Julien about 1 month ago

Updated by Juliana Fajardini Reichow about 1 month ago

Updated by Juliana Fajardini Reichow about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Victor Julien 16 days ago