pgsql: memory exhaustion on record parsing

High

victorjulien published GHSA-8583-353f-mvwc

Feb 26, 2024

Package

suricata

Affected versions

>= 7.0.0, <= 7.0.2

Patched versions

7.0.3

Description

Impact

Excessive memory use during pgsql parsing could lead to OOM-related crashes.

Patches

Upgrade to 7.0.3.

Workarounds

Disable pgsql app layer parser.

References

https://redmine.openinfosecfoundation.org/issues/6411

Credits

Found by OSS-Fuzz using quadfuzz.

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H