VuXML ID | Description |
d4d21998-bdc4-4a09-9849-2898d9b41459 | zeek -- several vulnerabilities
Tim Wojtulewicz of Corelight reports:
Paths from log stream make it into system() unchecked,
potentially leading to commands being run on the system
unintentionally. This requires either bad scripting or a
malicious package to be installed, and is considered low
severity.
Fix potential unbounded state growth in the PIA
analyzer when receiving a connection with either a large
number of zero-length packets, or one which continues
ack-ing unseen segments. It is possible to run Zeek out
of memory in these instances and cause it to crash. Due
to the possibility of this happening with packets received
from the network, this is a potential DoS vulnerability.
Discovery 2021-08-26 Entry 2021-09-22 zeek
< 4.0.4
https://github.com/zeek/zeek/releases/tag/v4.0.4
|
96d6809a-81df-46d4-87ed-2f78c79f06b1 | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Receiving DNS responses from async DNS requests (via
A specially-crafted stream of FTP packets containing a
command reply with many intermediate lines can cause Zeek
to spend a large amount of time processing data.
A specially-crafted set of packets containing extremely
large file offsets can cause the reassembler code to
allocate large amounts of memory.
The DNS manager does not correctly expire responses
that don't contain any data, such as those containing NXDOMAIN
or NODATA status codes. This can lead to Zeek allocating
large amounts of memory for these responses and never
deallocating them.
A specially-crafted stream of RDP packets can cause
Zeek to spend large protocol validation.
A specially-crafted stream of SMTP packets can cause
Zeek to spend large amounts of time processing data.
Discovery 2023-04-12 Entry 2023-04-12 zeek
< 5.0.8
https://github.com/zeek/zeek/releases/tag/v5.0.8
|
60d4d31a-a573-41bd-8c1e-5af7513c1ee9 | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Fix an issue where a specially-crafted FTP packet can
cause Zeek to spend large amounts of time attempting to
search for valid commands in the data stream.
Fix a possible overflow in the Zeek dictionary code
that may lead to a memory leak.
Fix an issue where a specially-crafted packet can
cause Zeek to spend large amounts of time reporting
analyzer violations.
Fix a possible assert and crash in the HTTP analyzer
when receiving a specially crafted packet.
Fix an issue where a specially-crafted HTTP or SMTP
packet can cause Zeek to spend a large amount of time
attempting to search for filenames within the packet data.
Fix two separate possible crashes when converting
processed IP headers for logging via the raw_packet event
handlers.
Discovery 2022-11-09 Entry 2022-11-09 zeek
< 5.0.3
https://github.com/zeek/zeek/releases/tag/v5.0.3
|
3e9624b3-e92b-4460-8a5a-93247c52c5a1 | zeek -- Remote crash vulnerability
Jon Siwek of Corelight reports:
Fix ASCII Input reader's treatment of input files
containing null-bytes. An input file containing null-bytes
could lead to a buffer-over-read, crash Zeek, and be
exploited to cause Denial of Service.
Discovery 2021-02-10 Entry 2021-02-22 zeek
< 3.0.13
https://github.com/zeek/zeek/releases/tag/v3.0.13
|
204f1a7a-43df-412f-ad25-7dbe88f54fa4 | zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports:
Fix potential hang in the DNS analyzer when receiving
a specially-crafted packet. Due to the possibility of
this happening with packets received from the network,
this is a potential DoS vulnerability.
Discovery 2022-06-01 Entry 2022-06-03 zeek
< 4.0.7
https://github.com/zeek/zeek/releases/tag/v4.0.7
|
fedf7e71-61bd-49ec-aaf0-6da14bdbb319 | zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports:
A specially-crafted series of packets containing nested
MIME entities can cause Zeek to spend large amounts of
time parsing the entities.
Discovery 2024-01-22 Entry 2024-01-22 zeek
< 6.0.3
https://github.com/zeek/zeek/releases/tag/v6.0.3
|
a00c76d9-0c05-4d99-bef7-ae4521cb2a4d | zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports:
Fix potential unbounded state growth in the FTP
analyzer when receiving a specially-crafted stream of
commands. This may lead to a buffer overflow and cause
Zeek to crash. Due to the possibility of this happening
with packets received from the network, this is a potential
DoS vulnerability.
Discovery 2022-04-21 Entry 2022-04-21 zeek
< 4.0.6
https://github.com/zeek/zeek/releases/tag/v4.0.6
|
3110b29e-c82d-4287-9f6c-db82bb883b1e | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Fix a possible overflow and crash in the ARP analyzer
when receiving a specially crafted packet. Due to the
possibility of this happening with packets received from
the network, this is a potential DoS vulnerability.
Fix a possible overflow and crash in the Modbus analyzer
when receiving a specially crafted packet. Due to the
possibility of this happening with packets received from
the network, this is a potential DoS vulnerability.
Fix two possible crashes when converting IP headers for
output via the raw_packet event. Due to the possibility of
this happening with packets received from the network, this
is a potential DoS vulnerability. Note that the raw_packet
event is not enabled by default so these are likely
low-severity issues.
Fix an abort related to an error related to the ordering
of record fields when processing DNS EDNS headers via events.
Due to the possibility of this happening with packets
received from the network, this is a potential DoS
vulnerability. Note that the dns_EDNS events are not
implemented by default so this is likely a low-severity
issue.
Discovery 2022-08-23 Entry 2022-08-26 zeek
< 5.0.1
https://github.com/zeek/zeek/releases/tag/v5.0.1
|
656b0152-faa9-4755-b08d-aee4a774bd04 | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Fix a possible overflow and crash in the ICMP analyzer
when receiving a specially crafted packet.
Fix a possible overflow and crash in the IRC analyzer
when receiving a specially crafted packet.
Fix a possible overflow and crash in the SMB analyzer
when receiving a specially crafted packet.
Fix two possible crashes when converting IP headers for
output via the raw_packet event.
Discovery 2022-09-19 Entry 2022-09-19 zeek
< 5.0.2
https://github.com/zeek/zeek/releases/tag/v5.0.2
|
2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
A missing field in the SMB FSControl script-land record could
cause a heap buffer overflow when receiving packets containing
those header types.
Receiving a series of packets that start with HTTP/1.0
and then switch to HTTP/0.9 could cause Zeek to spend a
large amount of time processing the packets.
Receiving large numbers of FTP commands sequentially
from the network with bad data in them could cause Zeek
to spend a large amount of time processing the packets,
and generate a large amount of events.
Discovery 2023-02-01 Entry 2023-02-01 zeek
< 5.0.6
https://github.com/zeek/zeek/releases/tag/v5.0.6
|
386a14bb-1a21-41c6-a2cf-08d79213379b | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
A specially-crafted SSL packet could cause Zeek to
leak memory and potentially crash.
A specially-crafted series of FTP packets could cause
Zeek to log entries for requests that have already been
completed, using resources unnecessarily and potentially
causing Zeek to lose other traffic.
A specially-crafted series of SSL packets could cause
Zeek to output a very large number of unnecessary alerts
for the same record.
A specially-crafted series of SSL packets could cause
Zeek to generate very long ssl_history fields in the
ssl.log, potentially using a large amount of memory due
to unbounded state growth.
A specially-crafted IEEE802.11 packet could cause
Zeek to overflow memory and potentially crash.
Discovery 2023-10-27 Entry 2023-10-27 zeek
< 6.0.2
https://github.com/zeek/zeek/releases/tag/v6.0.2
|
1ab7357f-a3c2-406a-89fb-fd00e49a71b5 | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
A specially-crafted series of FTP packets with a CMD
command with a large path followed by a very large number
of replies could cause Zeek to spend a long time processing
the data.
A specially-crafted with a truncated header can cause
Zeek to overflow memory and potentially crash.
A specially-crafted series of SMTP packets can cause
Zeek to generate a very large number of events and take
a long time to process them.
A specially-crafted series of POP3 packets containing
MIME data can cause Zeek to spend a long time dealing
with each individual file ID.
Discovery 2023-05-19 Entry 2023-05-19 zeek
< 5.0.9
https://github.com/zeek/zeek/releases/tag/v5.0.9
|
a550d62c-f78d-4407-97d9-93876b6741b9 | zeek -- several potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Fix potential Undefined Behavior in decode_netbios_name()
and decode_netbios_name_type() BIFs. The latter has a
possibility of a remote heap-buffer-overread, making this
a potential DoS vulnerability.
Add some extra length checking when parsing mobile
ipv6 packets. Due to the possibility of reading invalid
headers from remote sources, this is a potential DoS
vulnerability.
Discovery 2021-04-30 Entry 2021-06-02 zeek
< 4.0.2
https://github.com/zeek/zeek/releases/tag/v4.0.2
|
658b9198-8106-4c3d-a2aa-dc4a0a7cc3b6 | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
A specially-crafted series of HTTP 0.9 packets can
cause Zeek to spend large amounts of time processing the
packets.
A specially-crafted FTP packet can cause Zeek to spend
large amounts of time processing the command.
A specially-crafted IPv6 packet can cause Zeek to
overflow memory and potentially crash.
Discovery 2022-11-24 Entry 2022-11-24 zeek
< 5.0.4
https://github.com/zeek/zeek/releases/tag/v5.0.4
|
8eefa87f-31f1-496d-bf8e-2b465b6e4e8a | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
File extraction limits were not correctly enforced
for files containing large amounts of missing bytes.
Sessions are sometimes not cleaned up completely
within Zeek during shutdown, potentially causing a crash
when using the -B dpd flag for debug logging.
A specially-crafted HTTP packet can cause Zeek's
filename extraction code to take a long time to process
the data.
A specially-crafted series of FTP packets made up of
a CWD request followed by a large amount of ERPT requests
may cause Zeek to spend a long time logging the commands.
A specially-crafted VLAN packet can cause Zeek to
overflow memory and potentially crash.
Discovery 2023-09-12 Entry 2023-09-12 zeek
< 6.0.1
https://github.com/zeek/zeek/releases/tag/v6.0.1
|
bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b | zeek -- null-pointer dereference vulnerability
Jon Siwek of Corelight reports:
Fix null-pointer dereference when encountering an
invalid enum name in a config/input file that tries to
read it into a set[enum]. For those that have such an
input feed whose contents may come from external/remote
sources, this is a potential DoS vulnerability.
Discovery 2021-04-01 Entry 2021-04-21 zeek
< 4.0.1
https://github.com/zeek/zeek/releases/tag/v4.0.1
|
7a425536-74f7-4ce4-9768-0079a9d44d11 | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Receiving DNS responses from async DNS requests (via
the lookup_addr, etc BIF methods) with the TTL set to
zero could cause the DNS manager to eventually stop being
able to make new requests.
Specially-crafted FTP packets with excessively long
usernames, passwords, or other fields could cause log
writes to use large amounts of disk space.
The find_all and find_all_ordered BIF methods could
take extremely large amounts of time to process incoming
data depending on the size of the input.
Discovery 2023-02-21 Entry 2023-02-21 zeek
< 5.0.7
https://github.com/zeek/zeek/releases/tag/v5.0.7
|