Security #7289: http: missing hashtable random seed leads to potential DoS - Suricata - Open Information Security Foundation

Actions

Copy link

Security #7289

closed

http: missing hashtable random seed leads to potential DoS

Added by Juliana Fajardini Reichow about 1 month ago. Updated 16 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.7

Affected Versions:

7.0.4, 7.0.5, 7.0.6

Label:

CVE:

2024-47188

Git IDs:

db5a7a2febf6a2a862809fabfd35d238d16d6386

Severity:

CRITICAL

Disclosure Date:

Description

Missing initialization of the random seed for "thash" leads to byte-range tracking having
predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket.

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #7289

http: missing hashtable random seed leads to potential DoS

Updated by Juliana Fajardini Reichow about 1 month ago

Updated by Victor Julien about 1 month ago

Updated by Juliana Fajardini Reichow about 1 month ago

Updated by Juliana Fajardini Reichow about 1 month ago

Updated by Victor Julien about 1 month ago

Updated by Victor Julien 16 days ago