FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fedf7e71-61bd-49ec-aaf0-6da14bdbb319	zeek -- potential DoS vulnerability Tim Wojtulewicz of Corelight reports: A specially-crafted series of packets containing nested MIME entities can cause Zeek to spend large amounts of time parsing the entities. Discovery 2024-01-22 Entry 2024-01-22 zeek < 6.0.3 https://github.com/zeek/zeek/releases/tag/v6.0.3
386a14bb-1a21-41c6-a2cf-08d79213379b	zeek -- potential DoS vulnerabilities Tim Wojtulewicz of Corelight reports: A specially-crafted SSL packet could cause Zeek to leak memory and potentially crash. A specially-crafted series of FTP packets could cause Zeek to log entries for requests that have already been completed, using resources unnecessarily and potentially causing Zeek to lose other traffic. A specially-crafted series of SSL packets could cause Zeek to output a very large number of unnecessary alerts for the same record. A specially-crafted series of SSL packets could cause Zeek to generate very long ssl_history fields in the ssl.log, potentially using a large amount of memory due to unbounded state growth A specially-crafted IEEE802.11 packet could cause Zeek to overflow memory and potentially crash Discovery 2023-10-27 Entry 2023-10-27 zeek < 6.0.2 https://github.com/zeek/zeek/releases/tag/v6.0.2
8eefa87f-31f1-496d-bf8e-2b465b6e4e8a	zeek -- potential DoS vulnerabilities Tim Wojtulewicz of Corelight reports: File extraction limits were not correctly enforced for files containing large amounts of missing bytes. Sessions are sometimes not cleaned up completely within Zeek during shutdown, potentially causing a crash when using the -B dpd flag for debug logging. A specially-crafted HTTP packet can cause Zeek's filename extraction code to take a long time to process the data. A specially-crafted series of FTP packets made up of a CWD request followed by a large amount of ERPT requests may cause Zeek to spend a long time logging the commands. A specially-crafted VLAN packet can cause Zeek to overflow memory and potentially crash. Discovery 2023-09-12 Entry 2023-09-12 zeek < 6.0.1 https://github.com/zeek/zeek/releases/tag/v6.0.1

VuXML ID

Description

fedf7e71-61bd-49ec-aaf0-6da14bdbb319

zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports:

A specially-crafted series of packets containing nested MIME entities can cause Zeek to spend large amounts of time parsing the entities.

Discovery 2024-01-22
Entry 2024-01-22
zeek

< 6.0.3

https://github.com/zeek/zeek/releases/tag/v6.0.3

386a14bb-1a21-41c6-a2cf-08d79213379b

zeek -- potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports:

A specially-crafted SSL packet could cause Zeek to leak memory and potentially crash.

A specially-crafted series of FTP packets could cause Zeek to log entries for requests that have already been completed, using resources unnecessarily and potentially causing Zeek to lose other traffic.

A specially-crafted series of SSL packets could cause Zeek to output a very large number of unnecessary alerts for the same record.

A specially-crafted series of SSL packets could cause Zeek to generate very long ssl_history fields in the ssl.log, potentially using a large amount of memory due to unbounded state growth

A specially-crafted IEEE802.11 packet could cause Zeek to overflow memory and potentially crash

Discovery 2023-10-27
Entry 2023-10-27
zeek

< 6.0.2

https://github.com/zeek/zeek/releases/tag/v6.0.2

8eefa87f-31f1-496d-bf8e-2b465b6e4e8a

zeek -- potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports:

File extraction limits were not correctly enforced for files containing large amounts of missing bytes.

Sessions are sometimes not cleaned up completely within Zeek during shutdown, potentially causing a crash when using the -B dpd flag for debug logging.

A specially-crafted HTTP packet can cause Zeek's filename extraction code to take a long time to process the data.

A specially-crafted series of FTP packets made up of a CWD request followed by a large amount of ERPT requests may cause Zeek to spend a long time logging the commands.

A specially-crafted VLAN packet can cause Zeek to overflow memory and potentially crash.

Discovery 2023-09-12
Entry 2023-09-12
zeek

< 6.0.1

https://github.com/zeek/zeek/releases/tag/v6.0.1