Security #7267: ja4: non alphanumeric characters in alpn lead to panic - Suricata - Open Information Security Foundation

Actions

Copy link

Security #7267

closed

ja4: non alphanumeric characters in alpn lead to panic

Added by Philippe Antoine about 1 month ago. Updated 16 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

Label:

CVE:

2024-47522

Git IDs:

1e152d1f1060a5afd39496d4f2556e7159cd22cc

Severity:

CRITICAL

Disclosure Date:

12/23/2024

Description

Found by oss-fuzz:
https://issues.oss-fuzz.com/issues/368729563

And we did not follow what the spec described for the case https://github.com/FoxIO-LLC/ja4/blob/main/technical_details/JA4.md#alpn-extension-value

Subtasks 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #7267

ja4: non alphanumeric characters in alpn lead to panic

Updated by OISF Ticketbot about 1 month ago

Updated by OISF Ticketbot about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Victor Julien about 1 month ago

Updated by Juliana Fajardini Reichow about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Victor Julien 16 days ago