FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- potential DoS vulnerabilities

Affected packages
zeek < 8.0.7

Details

VuXML ID 0d8b1126-0864-4934-b63f-c713526ead32
Discovery 2026-04-20
Entry 2026-04-20

Tim Wojtulewicz of Corelight reports:

A series of DNS messages containing long DNS compression chains can cause Zeek to spend a long time processing packets and potentially crash. Due to the fact that these packets can be received from remote hosts, this is a DoS risk.

A specially-crafted LDAP search request can cause Zeek to spend a long time processing the packet, resulting in Zeek silently dropping the LDAP analyzer for the connection. Due to the fact that these packets can be received from remote hosts, this is an evasion risk.

A specially-crafted series of ASN.1 messages in LDAP packets can cause Zeek to spend a long time processing the packets, resulting in Zeek silently dropping the LDAP analyzer for the connection. Due to the fact that these packets can be received from remote hosts, this is an evasion risk.
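For the DNS item in the report above, an added illustration (not Zeek's code and not the fix shipped in 8.0.7) of how a parser can bound the work spent following RFC 1035 compression pointers. The hop budget `MAX_POINTER_HOPS`, the function names and the sample message are assumptions made for this example.

```python
import struct

MAX_POINTER_HOPS = 8   # assumed budget for this example, not a Zeek setting
MAX_NAME_LEN = 255     # RFC 1035 limit on an encoded name

class CompressionLimitExceeded(ValueError):
    """Raised when a name needs more pointer hops than the budget allows."""

def decode_name(msg: bytes, offset: int, max_hops: int = MAX_POINTER_HOPS):
    """Decode the name at `offset`; return (dotted_name, pointer_hops)."""
    labels, hops, total, pos = [], 0, 0, offset
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                 # two-byte compression pointer
            if pos + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if target >= pos:                     # self or forward reference
                raise ValueError("pointer does not point backwards")
            hops += 1
            if hops > max_hops:                   # bound the work per name
                raise CompressionLimitExceeded(f"more than {max_hops} hops")
            pos = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        if length == 0:                           # root label ends the name
            return ".".join(labels) or ".", hops
        total += length + 1
        if total + 1 > MAX_NAME_LEN or pos + 1 + length > len(msg):
            raise ValueError("name too long or truncated")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def build_sample(chain_len: int):
    """Constructed test message: empty header, one name, then a pointer chain."""
    msg = bytearray(12) + b"\x07example\x03com\x00"   # name at offset 12
    target = 12
    for _ in range(chain_len):
        here = len(msg)
        msg += struct.pack("!H", 0xC000 | target)     # pointer to previous link
        target = here
    return bytes(msg), target                          # offset of last pointer

if __name__ == "__main__":
    for n in (3, 20):
        msg, off = build_sample(n)
        try:
            print(n, decode_name(msg, off))
        except CompressionLimitExceeded as exc:
            print(n, "rejected:", exc)
```

The backwards-only check rejects the simplest loops cheaply; the hop counter is what guarantees termination for every input.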

References

URL https://github.com/zeek/zeek/releases/tag/v8.0.7