FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- Remote crash vulnerability

Affected packages
zeek < 3.0.13

Details

VuXML ID 3e9624b3-e92b-4460-8a5a-93247c52c5a1
Discovery 2021-02-10
Entry 2021-02-22

Jon Siwek of Corelight reports:

Fix ASCII Input reader's treatment of input files containing null-bytes. An input file containing null-bytes could lead to a buffer-over-read, crash Zeek, and be exploited to cause Denial of Service.

References

URL https://github.com/zeek/zeek/releases/tag/v3.0.13