Bug #3783
Updated by Antti Tönkyrä over 4 years ago
When doing torture tests, I discovered a stack overflow in DetectFlowbitsAnalyze. I have made a PR to github @ https://github.com/OISF/suricata/pull/5103 https://github.com/OISF/suricata/pull/5102 Overflow happens when number of flowbits is sufficiently large which in turn causes array containing FBAnalyze structs to be greater than stack size. Changeset should apply cleanly to 5.x too.