FreeBSD: VID-8EEFA87F-31F1-496D-BF8E-2B465B6E4E8A: zeek -- potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports:

File extraction limits were not correctly enforced

for files containing large amounts of missing bytes.

Sessions are sometimes not cleaned up completely

within Zeek during shutdown, potentially causing a crash

when using the -B dpd flag for debug logging.

A specially-crafted HTTP packet can cause Zeek's

filename extraction code to take a long time to process

the data.

A specially-crafted series of FTP packets made up of

a CWD request followed by a large amount of ERPT requests

may cause Zeek to spend a long time logging the commands.

A specially-crafted VLAN packet can cause Zeek to

overflow memory and potentially crash.