FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- potential DoS vulnerabilities

Affected packages
zeek < 5.0.4

Details

VuXML ID: 658b9198-8106-4c3d-a2aa-dc4a0a7cc3b6
Discovery: 2022-11-24
Entry: 2022-11-24

Tim Wojtulewicz of Corelight reports:

A specially-crafted series of HTTP 0.9 packets can cause Zeek to spend large amounts of time processing the packets.

A specially-crafted FTP packet can cause Zeek to spend large amounts of time processing the command.

A specially-crafted IPv6 packet can cause Zeek to overflow memory and potentially crash.

References

URL: https://github.com/zeek/zeek/releases/tag/v5.0.4