FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
a550d62c-f78d-4407-97d9-93876b6741b9  zeek -- several potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports:

Fix potential Undefined Behavior in decode_netbios_name() and decode_netbios_name_type() BIFs. The latter has a possibility of a remote heap-buffer-overread, making this a potential DoS vulnerability.

Add some extra length checking when parsing mobile ipv6 packets. Due to the possibility of reading invalid headers from remote sources, this is a potential DoS vulnerability.


Discovery 2021-04-30
Entry 2021-06-02
zeek
< 4.0.2

https://github.com/zeek/zeek/releases/tag/v4.0.2
d4d21998-bdc4-4a09-9849-2898d9b41459  zeek -- several vulnerabilities

Tim Wojtulewicz of Corelight reports:

Paths from log stream make it into system() unchecked, potentially leading to commands being run on the system unintentionally. This requires either bad scripting or a malicious package to be installed, and is considered low severity.

Fix potential unbounded state growth in the PIA analyzer when receiving a connection with either a large number of zero-length packets, or one which continues ack-ing unseen segments. It is possible to run Zeek out of memory in these instances and cause it to crash. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability.


Discovery 2021-08-26
Entry 2021-09-22
zeek
< 4.0.4

https://github.com/zeek/zeek/releases/tag/v4.0.4
769a4f60-9056-4c27-89a1-1758a59a21f8  zeek -- Vulnerability due to memory leak

Jon Siwek of Corelight reports:

This release fixes the following security issue:

  • A memory leak in multipart MIME code has potential for remote exploitation and cause for Denial of Service via resource exhaustion.

Discovery 2020-09-29
Entry 2020-10-07
zeek
< 3.0.11

https://github.com/zeek/zeek/releases/tag/v3.0.11
3e9624b3-e92b-4460-8a5a-93247c52c5a1  zeek -- Remote crash vulnerability

Jon Siwek of Corelight reports:

Fix ASCII Input reader's treatment of input files containing null-bytes. An input file containing null-bytes could lead to a buffer-over-read, crash Zeek, and be exploited to cause Denial of Service.


Discovery 2021-02-10
Entry 2021-02-22
zeek
< 3.0.13

https://github.com/zeek/zeek/releases/tag/v3.0.13
2c92fdd3-896c-4a5a-a0d8-52acee69182d  zeek -- Various vulnerabilities

Jon Siwek of Corelight reports:

This release fixes the following security issue:

  • The AYIYA and GTPv1 parsing/decapsulation logic may leak memory -- These leaks have potential for remote exploitation to cause Denial of Service via resource exhaustion.

Discovery 2020-08-28
Entry 2020-09-09
zeek
< 3.0.10

https://github.com/zeek/zeek/releases/tag/v3.0.10
a00c76d9-0c05-4d99-bef7-ae4521cb2a4d  zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports:

Fix potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands. This may lead to a buffer overflow and cause Zeek to crash. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability.


Discovery 2022-04-21
Entry 2022-04-21
zeek
< 4.0.6

https://github.com/zeek/zeek/releases/tag/v4.0.6
e333084c-9588-4eee-8bdc-323e02cb4fe0  zeek -- Various vulnerabilities

Jon Siwek of Corelight reports:

This release fixes the following security issues:

  • Fix potential DNS analyzer stack overflow
  • Fix potential NetbiosSSN analyzer stack overflow

Discovery 2020-07-28
Entry 2020-07-28
zeek
< 3.0.8

https://github.com/zeek/zeek/releases/tag/v3.0.8
bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b  zeek -- null-pointer dereference vulnerability

Jon Siwek of Corelight reports:

Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum]. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability.


Discovery 2021-04-01
Entry 2021-04-21
zeek
< 4.0.1

https://github.com/zeek/zeek/releases/tag/v4.0.1
204f1a7a-43df-412f-ad25-7dbe88f54fa4  zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports:

Fix potential hang in the DNS analyzer when receiving a specially-crafted packet. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability.


Discovery 2022-06-01
Entry 2022-06-03
zeek
< 4.0.7

https://github.com/zeek/zeek/releases/tag/v4.0.7