zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Receiving DNS responses from async DNS requests (via
A specially-crafted stream of FTP packets containing a
command reply with many intermediate lines can cause Zeek
to spend a large amount of time processing data.
A specially-crafted set of packets containing extremely
large file offsets cause cause the reassembler code to
allocate large amounts of memory.
The DNS manager does not correctly expire responses
that don't contain any data, such those containing NXDOMAIN
or NODATA status codes. This can lead to Zeek allocating
large amounts of memory for these responses and never
A specially-crafted stream of RDP packets can cause
Zeek to spend large protocol validation.
A specially-crafted stream of SMTP packets can cause
Zeek to spend large amounts of time processing data.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright