vulnerability
FreeBSD: VID-55571619-454e-4769-b1e5-28354659e152: bro -- invalid memory access or heap buffer over-read
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 17, 2019 | Sep 18, 2019 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Sep 17, 2019
Added
Sep 18, 2019
Modified
Dec 10, 2025
Description
Jon Siwek of Corelight reports: This is a security patch release to address a potential Denial of Service vulnerability: The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyzer is enabled by default and used in the analysis of SMB, DCE/RPC, and GSSAPI protocols.
Solution
freebsd-upgrade-package-bro
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.