Описание
htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libhtp | fixed | 1:0.5.28-1 | package | |
| suricata | fixed | 1:4.0.0-1 | package | |
| suricata | no-dsa | stretch | package |
Примечания
suricata used the embedded copy of libhtp up to before 1:4.0.0-1.
https://github.com/OISF/libhtp/issues/169
https://github.com/OISF/libhtp/commit/eefd4b7d2be663f6067362f29c81e6edf909145a
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
Связанные уязвимости
htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.