Bug #7254: dcerpc: parser does not support multiple PDUs - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7254

open

dcerpc: parser does not support multiple PDUs

Added by Shivani Bhardwaj 5 months ago. Updated 17 days ago.

Status:

Assigned

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

8.0.0-beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

dcerpc parser does not support parsing multiple PDUs in the input buffer. It takes the input, parses the first PDU, and if it succeeds, returns ok to the common applayer parser.

The common applayer parser then assumes that the entire data that was sent to the protocol parser was successfully parsed and consumed. It then updates the stream progress to reflect the same.

Related issues 3 (2 open — 1 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Copied to Suricata - Bug #7546: dcerpc: parser does not take fraglen into account	New	Shivani Bhardwaj	Actions
Copied to Suricata - Bug #7547: dcerpc: parser uses only one header for both directions	New	Shivani Bhardwaj	Actions
Copied to Suricata - Bug #7548: dcerpc: avoid integer underflow	Closed	Philippe Antoine	Actions

Project

General

Profile

Suricata

Custom queries

Bug #7254

dcerpc: parser does not support multiple PDUs

Updated by Philippe Antoine 17 days ago

Updated by Philippe Antoine 17 days ago

Updated by Philippe Antoine 17 days ago · Edited

Updated by Philippe Antoine 17 days ago

Updated by Philippe Antoine 17 days ago