Project

General

Profile

Actions

Bug #7228

open

dns: no data logged, and no events with udp corrupt additional record

Added by Philippe Antoine 4 months ago. Updated 4 months ago.

Status:
In Review
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

This prevents detection of Golang net/dns CVE-2024-24788

I expect the response to be logged except for the corrupt additional records, and I expect to have an event on it.

A fix would be that dns_parse_body does not completely error on
let (i, additionals) = dns_parse_answer(i, message, header.additional_rr as usize)?;
But rather return an empty Vec, and have DNSMessage struct have another field like bool corrupt_additional, where the caller could set an event as done for z_flag


Files

dns.pcap (342 Bytes) dns.pcap Philippe Antoine, 08/28/2024 09:20 AM

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #7279: dns: protocol detection is not strict enoughClosedPhilippe AntoineActions
Actions #1

Updated by Philippe Antoine 4 months ago

  • Status changed from New to In Review
  • Target version changed from TBD to 8.0.0-beta1
Actions #2

Updated by Philippe Antoine 3 months ago

  • Related to Bug #7279: dns: protocol detection is not strict enough added
Actions

Also available in: Atom PDF