Suricata NULL Pointer Dereference Vulnerability in TLS Subject Alternative Name Handling

Vulnerability

Suricata version 8.0.0 contains a NULL pointer dereference that is reachable when a rule uses the 'tls.subjectaltname' keyword. The decoded subject alternative name of a TLS certificate may contain a NULL byte, and handling such a name leads to a segmentation fault. Suricata is the network IDS, IPS and NSM engine developed by the Open Information Security Foundation (OISF) and the Suricata community.

Impact

Exploitation causes a segmentation fault that crashes the Suricata process, so the sensor stops inspecting traffic until it is restarted.

Reproduction

The crash can be reproduced with a crafted TLS handshake whose certificate carries a subject alternative name containing a NULL byte, while a rule using 'tls.subjectaltname' is loaded. Manually fuzzing TLS packets and inserting a NULL byte into the subject alternative name field is sufficient to trigger it.
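To show what the input described above looks like, here is an added example (not part of this advisory and not Suricata's own code) that hand-encodes a DER SubjectAltName extension whose dNSName contains an embedded NULL byte, parses it back with a length-delimited TLV reader, and contrasts that with a consumer that treats the name as a NUL-terminated C string. The certificate names and the helper names are constructed for illustration; the code does not reproduce the Suricata crash itself, it only demonstrates the edge case a SAN consumer has to handle.

```python
"""Constructed example: SubjectAltName with an embedded NUL byte.

Builds the DER for a SubjectAltName extension value, parses it back with
a length-delimited reader, and shows how a NUL-terminated consumer would
misread the same bytes. Pure Python, no external dependencies.
"""

# DER tags used here (GeneralName CHOICE, context-specific primitive tags)
TAG_SEQUENCE = 0x30
TAG_RFC822NAME = 0x81   # [1] IA5String
TAG_DNSNAME = 0x82      # [2] IA5String
TAG_URI = 0x86          # [6] IA5String


def der_len(n: int) -> bytes:
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def general_name(tag: int, value: bytes) -> bytes:
    """Encode one GeneralName as tag || length || value."""
    return bytes([tag]) + der_len(len(value)) + value


def subject_alt_name(names) -> bytes:
    """Encode a SubjectAltName extension value: SEQUENCE OF GeneralName."""
    body = b"".join(general_name(tag, value) for tag, value in names)
    return bytes([TAG_SEQUENCE]) + der_len(len(body)) + body


def read_tlv(buf: bytes, pos: int):
    """Read one TLV at buf[pos]; return (tag, value, next_pos).

    Lengths are taken from the DER header, never from a terminator byte,
    so a NUL inside the value is just another byte.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length


def parse_san(ext: bytes):
    """Parse a SubjectAltName extension value into [(tag, raw_value), ...]."""
    tag, body, end = read_tlv(ext, 0)
    if tag != TAG_SEQUENCE or end != len(ext):
        raise ValueError("SubjectAltName must be a single SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        names.append((tag, value))
    return names


def as_c_string(value: bytes) -> str:
    """What a NUL-terminated consumer sees: everything after the NUL is lost."""
    return value.split(b"\x00", 1)[0].decode("ascii", "replace")


def as_length_delimited(value: bytes) -> str:
    """Length-safe rendering for logs: the full value, NULs made visible."""
    return value.decode("ascii", "replace").replace("\x00", "\\x00")


def san_contains(names, needle: bytes) -> bool:
    """Length-safe substring match over every name, as a content match
    against a SAN buffer should behave; embedded NULs do not stop it."""
    return any(needle in value for _, value in names)


# Constructed sample: one ordinary dNSName and one carrying an embedded NUL.
SAMPLE_SAN = subject_alt_name([
    (TAG_DNSNAME, b"www.example.com"),
    (TAG_DNSNAME, b"evil.example\x00.bank.example"),
])

if __name__ == "__main__":
    for tag, value in parse_san(SAMPLE_SAN):
        print(f"tag=0x{tag:02x} c-string={as_c_string(value)!r} "
              f"full={as_length_delimited(value)!r}")
```

The second name is the interesting one: a NUL-terminated consumer reports only `evil.example`, while the length-delimited reader keeps all 26 bytes, so a rule looking for `.bank.example` matches in one view and not the other. Any code that hands a decoded SAN to C string functions, or assumes the decoded length equals `strlen()`, is exposed to exactly this input shape.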

Remediation

Update to Suricata version 8.0.1, which fixes this issue; download instructions are available on the Open Information Security Foundation website. Until the upgrade is in place, disabling rules that use the 'tls.subjectaltname' keyword avoids the affected code path, since the dereference is only reached when that keyword is in use.

Added: Oct 1, 2025, 9:22 PM
Updated: Oct 1, 2025, 9:22 PM

Vulnerability Rating (Custom Algorithm)

spread          2.4
impact          2.5
exploitability  5.7
remediation     8.3
relevance       0.6
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.