vulnerability

FreeBSD: VID-8EEFA87F-31F1-496D-BF8E-2B465B6E4E8A: zeek -- potential DoS vulnerabilities

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2023-09-12
Added
2023-09-13
Modified
2025-02-19

Description



Tim Wojtulewicz of Corelight reports:



File extraction limits were not correctly enforced


for files containing large amounts of missing bytes.


Sessions are sometimes not cleaned up completely


within Zeek during shutdown, potentially causing a crash


when using the -B dpd flag for debug logging.


A specially-crafted HTTP packet can cause Zeek's


filename extraction code to take a long time to process


the data.


A specially-crafted series of FTP packets made up of


a CWD request followed by a large amount of ERPT requests


may cause Zeek to spend a long time logging the commands.



A specially-crafted VLAN packet can cause Zeek to


overflow memory and potentially crash.




Solution

freebsd-upgrade-package-zeek

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.