VuXML ID | Description |
656b0152-faa9-4755-b08d-aee4a774bd04 | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Fix a possible overflow and crash in the ICMP analyzer
when receiving a specially crafted packet.
Fix a possible overflow and crash in the IRC analyzer
when receiving a specially crafted packet.
Fix a possible overflow and crash in the SMB analyzer
when receiving a specially crafted packet.
Fix two possible crashes when converting IP headers for
output via the raw_packet event.
Discovery 2022-09-19 Entry 2022-09-19 zeek
< 5.0.2
https://github.com/zeek/zeek/releases/tag/v5.0.2
|
204f1a7a-43df-412f-ad25-7dbe88f54fa4 | zeek -- potential DoS vulnerabilty
Tim Wojtulewicz of Corelight reports:
Fix potential hang in the DNS analyzer when receiving
a specially-crafted packet. Due to the possibility of
this happening with packets received from the network,
this is a potential DoS vulnerability.
Discovery 2022-06-01 Entry 2022-06-03 zeek
< 4.0.7
https://github.com/zeek/zeek/releases/tag/v4.0.7
|
a00c76d9-0c05-4d99-bef7-ae4521cb2a4d | zeek -- potential DoS vulnerabilty
Tim Wojtulewicz of Corelight reports:
Fix potential unbounded state growth in the FTP
analyzer when receiving a specially-crafted stream of
commands. This may lead to a buffer overflow and cause
Zeek to crash. Due to the possibility of this happening
with packets received from the network, this is a potential
DoS vulnerabilty.
Discovery 2022-04-21 Entry 2022-04-21 zeek
< 4.0.6
https://github.com/zeek/zeek/releases/tag/v4.0.6
|
3110b29e-c82d-4287-9f6c-db82bb883b1e | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Fix a possible overflow and crash in the ARP analyzer
when receiving a specially crafted packet. Due to the
possibility of this happening with packets received from
the network, this is a potential DoS vulnerability.
Fix a possible overflow and crash in the Modbus analyzer
when receiving a specially crafted packet. Due to the
possibility of this happening with packets received from
the network, this is a potential DoS vulnerability.
Fix two possible crashes when converting IP headers for
output via the raw_packet event. Due to the possibility of
this happening with packets received from the network, this
is a potential DoS vulnerability. Note that the raw_packet
event is not enabled by default so these are likely
low-severity issues.
Fix an abort related to an error related to the ordering
of record fields when processing DNS EDNS headers via events.
Due to the possibility of this happening with packets
received from the network, this is a potential DoS
vulnerability. Note that the dns_EDNS events are not
implemented by default so this is likely a low-severity
issue.
Discovery 2022-08-23 Entry 2022-08-26 zeek
< 5.0.1
https://github.com/zeek/zeek/releases/tag/v5.0.1
|
60d4d31a-a573-41bd-8c1e-5af7513c1ee9 | zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports:
Fix an issue where a specially-crafted FTP packet can
cause Zeek to spend large amounts of time attempting to
search for valid commands in the data stream.
Fix a possible overflow in the Zeek dictionary code
that may lead to a memory leak.
Fix an issue where a specially-crafted packet can
cause Zeek to spend large amounts of time reporting
analyzer violations.
Fix a possible assert and crash in the HTTP analyzer
when receiving a specially crafted packet.
Fix an issue where a specially-crafted HTTP or SMTP
packet can cause Zeek to spend a large amount of time
attempting to search for filenames within the packet data.
Fix two separate possible crashes when converting
processed IP headers for logging via the raw_packet event
handlers.
Discovery 2022-11-09 Entry 2022-11-09 zeek
< 5.0.3
https://github.com/zeek/zeek/releases/tag/v5.0.3
|
d4d21998-bdc4-4a09-9849-2898d9b41459 | zeek -- several vulnerabilities
Tim Wojtulewicz of Corelight reports:
Paths from log stream make it into system() unchecked,
potentially leading to commands being run on the system
unintentionally. This requires either bad scripting or a
malicious package to be installed, and is considered low
severity.
Fix potential unbounded state growth in the PIA
analyzer when receiving a connection with either a large
number of zero-length packets, or one which continues
ack-ing unseen segments. It is possible to run Zeek out
of memory in these instances and cause it to crash. Due
to the possibility of this happening with packets received
from the network, this is a potential DoS vulnerability.
Discovery 2021-08-26 Entry 2021-09-22 zeek
< 4.0.4
https://github.com/zeek/zeek/releases/tag/v4.0.4
|