Software: suricata, v. 4.1.4
Language: C
Risk: medium / high
Type: heap buffer overflow (logics bug)

Description: This bug was found by libFuzzer By sending a corrupted SSLv3 (TLS_1.2), the parser function TLSDecodeHSHelloExtensions(...) (line 1103) tried to access to a memory region that was not allocated. Reason: the expected length of HSHelloExtensions does not match with the "real" length of the part HSHelloExtensions of the packet. Solution: check whether the input has a valid length or at least the minimal of the part "HSHelloExtensions".

Status: published