FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- potential DoS vulnerabilty

Affected packages
zeek < 4.0.6

Details

VuXML ID a00c76d9-0c05-4d99-bef7-ae4521cb2a4d
Discovery 2022-04-21
Entry 2022-04-21

Tim Wojtulewicz of Corelight reports:

Fix potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands. This may lead to a buffer overflow and cause Zeek to crash. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerabilty.

References

URL https://github.com/zeek/zeek/releases/tag/v4.0.6