vulnerability
FreeBSD: VID-fe7031d3-3000-4b43-9fa6-52c2b624b8f9: zeek -- potential DoS vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Oct 5, 2024 | Oct 6, 2024 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Oct 5, 2024
Added
Oct 6, 2024
Modified
Dec 10, 2025
Description
Tim Wojtulewicz of Corelight reports: Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or finishing commands based on invalid server responses could result in inconsistent analyzer state, potentially triggering null pointer references for crafted traffic.
Solution
freebsd-upgrade-package-zeek
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.