FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- null-pointer dereference vulnerability

Affected packages
zeek < 4.0.1

Details

VuXML ID bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b
Discovery 2021-04-01
Entry 2021-04-21

Jon Siwek of Corelight reports:

Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum]. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability.

References

URL https://github.com/zeek/zeek/releases/tag/v4.0.1