victorjulien published GHSA-q33q-45cr-3cpc on Feb 26, 2024
Package
suricata
Affected versions
<= 6.0.15
>= 7.0.0, <= 7.0.2
Patched versions
6.0.16
7.0.3
Description
Impact
An attacker can craft traffic that causes Suricata to spend far more CPU and memory on processing it than is needed, which can lead to extreme slowdowns and denial of service.
Patches
Upgrade to 6.0.16 or 7.0.3.
Workarounds
Disable the affected protocol's app-layer parser in suricata.yaml.
A reduced stream.reassembly.depth value limits the severity of the issue.
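The two workarounds above expressed as a suricata.yaml fragment. This is an added illustration, not configuration shipped by the Suricata project or quoted in the advisory: the advisory does not name which app-layer parser is affected, so PROTOCOL_NAME_PLACEHOLDER stands in for it, and the depth values are illustrative, not recommendations from the advisory.

```yaml
# Added example: workarounds from GHSA-q33q-45cr-3cpc as suricata.yaml settings.
# PROTOCOL_NAME_PLACEHOLDER is a placeholder; the advisory does not name the parser.
app-layer:
  protocols:
    PROTOCOL_NAME_PLACEHOLDER:
      enabled: no          # workaround 1: stop parsing the affected protocol entirely

stream:
  reassembly:
    # Weak setting: depth 0 means "unlimited", so every byte of a crafted
    # stream is reassembled and handed to the app-layer parser.
    # depth: 0
    #
    # Workaround 2: cap how much of each stream is reassembled per direction.
    # The stock suricata.yaml ships with 1mb; a smaller illustrative value
    # bounds the work a single crafted stream can trigger.
    depth: 256kb
```

After editing, validate the file with `suricata -T -c /etc/suricata/suricata.yaml` before restarting, and confirm the effective value with `suricata --dump-config -c /etc/suricata/suricata.yaml | grep stream.reassembly.depth`. Lowering depth trades detection coverage for bounded resource use, since bytes beyond the depth are no longer inspected; the upgrade to 6.0.16 or 7.0.3 is the actual fix.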
References
https://redmine.openinfosecfoundation.org/issues/6658 (6.0.x)
https://redmine.openinfosecfoundation.org/issues/6659 (6.0.x)
https://redmine.openinfosecfoundation.org/issues/6660 (6.0.x)
https://redmine.openinfosecfoundation.org/issues/6532 (7.0.x)
https://redmine.openinfosecfoundation.org/issues/6540 (7.0.x)
https://redmine.openinfosecfoundation.org/issues/6531 (7.0.x)
These tickets are private until about 2 weeks after release.
Credits
Found by OSS-Fuzz using quadfuzz.