FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- potential DoS vulnerabilities

Affected packages
zeek < 5.0.6

Details

VuXML ID 2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b
Discovery 2023-02-01
Entry 2023-02-01

Tim Wojtulewicz of Corelight reports:

A missing field in the SMB FSControl script-land record could cause a heap buffer overflow when receiving packets containing those header types.

Receiving a series of packets that start with HTTP/1.0 and then switch to HTTP/0.9 could cause Zeek to spend a large amount of time processing the packets.

Receiving large numbers of FTP commands sequentially from the network with bad data in them could cause Zeek to spend a large amount of time processing the packets, and generate a large amount of events.

References

URL https://github.com/zeek/zeek/releases/tag/v5.0.6