authorCraig Leres <leres@FreeBSD.org>2023-05-19 17:35:07 +0000
committerCraig Leres <leres@FreeBSD.org>2023-05-19 17:35:07 +0000
commitbc531907561defe0b7a478fdd306384c863c2049 (patch)
tree5b825994ba865b80a712fe44db664d27ccd05e1b
parenta0ef5898beb4c6a73e9d94aaa452c0eb37cbb14c (diff)
security/vuxml: Mark zeek < 5.0.9 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.9 This release fixes the following potential DoS vulnerabilities: - A specially-crafted series of FTP packets with a CMD command with a large path followed by a very large number of replies could cause Zeek to spend a long time processing the data. - A specially-crafted with a truncated header can cause Zeek to overflow memory and potentially crash. - A specially-crafted series of SMTP packets can cause Zeek to generate a very large number of events and take a long time to process them. - A specially-crafted series of POP3 packets containing MIME data can cause Zeek to spend a long time dealing with each individual file ID. Reported by: Tim Wojtulewicz
-rw-r--r--security/vuxml/vuln/2023.xml36
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 599b125f6019..278b801d60b7 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,39 @@
+ <vuln vid="1ab7357f-a3c2-406a-89fb-fd00e49a71b5">
+ <topic>zeek -- potential DoS vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>zeek</name>
+ <range><lt>5.0.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tim Wojtulewicz of Corelight reports:</p>
+ <blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.9">
+ <p> A specially-crafted series of FTP packets with a CMD
+ command with a large path followed by a very large number
+ of replies could cause Zeek to spend a long time processing
+ the data. </p>
+ <p> A specially-crafted with a truncated header can cause
+ Zeek to overflow memory and potentially crash. </p>
+ <p> A specially-crafted series of SMTP packets can cause
+ Zeek to generate a very large number of events and take
+ a long time to process them. </p>
+ <p> A specially-crafted series of POP3 packets containing
+ MIME data can cause Zeek to spend a long time dealing
+ with each individual file ID. </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/zeek/zeek/releases/tag/v5.0.9</url>
+ </references>
+ <dates>
+ <discovery>2023-05-19</discovery>
+ <entry>2023-05-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b09d77d0-b27c-48ae-b69b-9641bb68b39e">
<topic>electron -- vulnerability</topic>
<affects>
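Review bot: The second `<p>` of the blockquote, `A specially-crafted with a truncated header can cause Zeek to overflow memory and potentially crash.`, is missing the noun that says what is crafted, so the entry does not tell a reader which kind of traffic triggers this issue. It is the only one of the four items that describes a memory overflow rather than slow processing, which makes it the one operators most need to identify when deciding how urgently to move past 5.0.9. The word looks to have been dropped when the text was copied, so restore it from the release notes named in the `cite` attribute rather than guessing. Since the `<topic>` says only `potential DoS vulnerabilities`, it may also be worth checking that this wording still fits an item that overflows memory.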