FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- potential DoS vulnerabilities

Affected packages
zeek < 5.0.9


VuXML ID 1ab7357f-a3c2-406a-89fb-fd00e49a71b5
Discovery 2023-05-19
Entry 2023-05-19

Tim Wojtulewicz of Corelight reports:

A specially-crafted series of FTP packets with a CMD command with a large path followed by a very large number of replies could cause Zeek to spend a long time processing the data.

A specially-crafted with a truncated header can cause Zeek to overflow memory and potentially crash.

A specially-crafted series of SMTP packets can cause Zeek to generate a very large number of events and take a long time to process them.

A specially-crafted series of POP3 packets containing MIME data can cause Zeek to spend a long time dealing with each individual file ID.