mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2d5172aaf3
Ticket: 8289
If stream.reassembly.depth is unlimited,
an attacker controlling the 2 sides of a communication going through Suricata
can send a transition with an infinite number of headers, until suricata OOMs
Solution is to offer a configuration option to bound the number
of HTTP2 frames we store in a HTTP2 transaction, and produce an
anomaly if this bound is crossed
(cherry picked from commit
|
1 month ago | |
|---|---|---|
| .. | ||
| applayertemplate | ||
| asn1 | ||
| bittorrent_dht | ||
| dcerpc | 3 months ago | |
| detect | 2 months ago | |
| dhcp | ||
| dns | 10 months ago | |
| enip | 10 months ago | |
| ffi | ||
| ftp | 4 months ago | |
| http2 | 1 month ago | |
| ike | 6 months ago | |
| krb | 2 months ago | |
| ldap | 2 months ago | |
| mdns | ||
| mime | 1 month ago | |
| modbus | 4 months ago | |
| mqtt | 10 months ago | |
| nfs | 3 months ago | |
| ntp | ||
| pgsql | 10 months ago | |
| pop3 | 3 months ago | |
| quic | ||
| rdp | 10 months ago | |
| rfb | 10 months ago | |
| sdp | ||
| sip | 10 months ago | |
| smb | 3 months ago | |
| snmp | 9 months ago | |
| ssh | 10 months ago | |
| telnet | ||
| tftp | ||
| utils | ||
| websocket | 10 months ago | |
| x509 | 3 months ago | |
| applayer.rs | ||
| common.rs | ||
| conf.rs | ||
| core.rs | 10 months ago | |
| debug.rs | ||
| direction.rs | ||
| feature.rs | ||
| filecontainer.rs | ||
| filetracker.rs | ||
| flow.rs | ||
| frames.rs | ||
| handshake.rs | ||
| ja4.rs | ||
| jsonbuilder.rs | 6 months ago | |
| kerberos.rs | ||
| lib.rs | ||
| lua.rs | ||
| lzma.rs | ||
| plugin.rs | ||
| tls_version.rs | ||
| util.rs | 1 month ago | |