FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- null-pointer dereference vulnerability

Affected packages
zeek < 4.0.1


VuXML ID bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b
Discovery 2021-04-01
Entry 2021-04-21

Jon Siwek of Corelight reports:

Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum]. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability.