FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- Various vulnerabilities

Affected packages
		zeek	<	3.0.7

Details

VuXML ID	9f7ae7ea-da93-4f86-b257-ba76707f6d5d
Discovery	2020-05-04
Entry	2020-06-10

Jon Siwek of Corelight reports:

This release fixes the following security issues:

Fix potential stack overflow in NVT analyzer

Fix NVT analyzer memory leak from multiple telnet authn name options

Fix multiple content-transfer-encoding headers causing a memory leak

Fix potential leak of Analyzers added to tree during Analyzer::Done

Prevent IP fragment reassembly on packets without minimal IP header

[source]

References

URL	https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS