HomeFreeBSD
Diffusion FreeBSD ports repository f85e384228a2

security/vuxml: Mark zeek < 6.0.2 as vulnerable as per:
f85e384228a2
Actions

Description

security/vuxml: Mark zeek < 6.0.2 as vulnerable as per:

https://github.com/zeek/zeek/releases/tag/v6.0.2

This release fixes the following potential DoS vulnerabilities:

  • A specially-crafted SSL packet could cause Zeek to leak memory and potentially crash.
  • A specially-crafted series of FTP packets could cause Zeek to log entries for requests that have already been completed, using resources unnecessarily and potentially causing Zeek to lose other traffic.
  • A specially-crafted series of SSL packets could cause Zeek to output a very large number of unnecessary alerts for the same record.
  • A specially-crafted series of SSL packets could cause Zeek to generate very long ssl_history fields in the ssl.log, potentially using a large amount of memory due to unbounded state growth
  • A specially-crafted IEEE802.11 packet could cause Zeek to overflow memory and potentially crash

Reported by: Tim Wojtulewicz

Details

Provenance
leresAuthored on Oct 27 2023, 10:25 PM
Parents
R11:54d0745e54f8: irc/weechat: Update to 4.1.1
Branches
Unknown
Tags
Unknown
Reverted By
R11:7758ba113e1b: security/zeek: revert f85e384: inadvertent update

Changes (3)

PathSize
security/
vuxml/
vuln/
zeek/

R11:f85e384228a2

View Options

security/vuxml/vuln/2023.xml

Loading...
View Options

security/zeek/Makefile

Loading...
View Options

security/zeek/distinfo

Loading...