Tim Wojtulewicz of Corelight reports:
File extraction limits were not correctly enforced
for files containing large amounts of missing bytes.
Sessions are sometimes not cleaned up completely
within Zeek during shutdown, potentially causing a crash
when using the -B dpd flag for debug logging.
A specially-crafted HTTP packet can cause Zeek's
filename extraction code to take a long time to process
A specially-crafted series of FTP packets made up of
a CWD request followed by a large amount of ERPT requests
may cause Zeek to spend a long time logging the commands.
A specially-crafted VLAN packet can cause Zeek to
overflow memory and potentially crash.