FreeBSD: VID-8EEFA87F-31F1-496D-BF8E-2B465B6E4E8A: zeek -- potential DoS vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2023-09-12 | 2023-09-13 | 2025-02-19 |
Description
Tim Wojtulewicz of Corelight reports:
- File extraction limits were not correctly enforced for files containing large amounts of missing bytes.
- Sessions are sometimes not cleaned up completely within Zeek during shutdown, potentially causing a crash when using the -B dpd flag for debug logging.
- A specially-crafted HTTP packet can cause Zeek's filename extraction code to take a long time to process the data.
- A specially-crafted series of FTP packets made up of a CWD request followed by a large amount of ERPT requests may cause Zeek to spend a long time logging the commands.
- A specially-crafted VLAN packet can cause Zeek to overflow memory and potentially crash.
Solution
References
