author | Craig Leres <leres@FreeBSD.org> | 2022-11-09 04:08:16 +0300 |
---|---|---|
committer | Craig Leres <leres@FreeBSD.org> | 2022-11-09 04:08:16 +0300 |
commit | 50d9f85ce609b05ce87cd233b9b355659698f435 (patch) | |
tree | 0e22bf5714d6a3c2cec31ce61e7311067ceb7438 /security | |
parent | 23cc43859179b1bb1b6932ccee2559ed5f66a968 (diff) |
security/vuxml: Mark zeek < 5.0.3 as vulnerable as per:

https://github.com/zeek/zeek/releases/tag/v5.0.3

This release fixes the following potential DoS vulnerabilities:

- Fix an issue where a specially-crafted FTP packet can cause Zeek
  to spend large amounts of time attempting to search for valid
  commands in the data stream.
- Fix a possible overflow in the Zeek dictionary code that may
  lead to a memory leak.
- Fix an issue where a specially-crafted packet can cause Zeek to
  spend large amounts of time reporting analyzer violations.
- Fix a possible assert and crash in the HTTP analyzer when receiving
  a specially-crafted packet.
- Fix an issue where a specially-crafted HTTP or SMTP packet can
  cause Zeek to spend a large amount of time attempting to search
  for filenames within the packet data.
- Fix two separate possible crashes when converting processed IP
  headers for logging via the raw_packet event handlers.

This release fixes the following bugs:

- Fix a possible crash with when statements where lambda captures
  of local variables sometimes overflowed the frame counter.
- Reduced the amount of analyzer_confirmation events that are
  raised for packets that contain tunnels.
- Fix a long-standing bug where TCP reassembly would not function
  correctly for some analyzers if dpd_reassemble_first_packets was
  set to false.
- Fix a performance bug in the Zeek dictionary code in certain
  cases, such as copying a large number of entries from one
  dictionary into another.
- Fix a performance issue when inserting large numbers of elements
  into a Broker store when Broker::scheduler_policy is set to
  stealing.
- Fix a Broker performance issue when distributing large amounts
  of data from the input framework to proxies/workers at startup.
- Fix an issue with messaging between proxies and workers that
  resulted in error messages being reported.
- Updated the list of DNS type strings to reflect the correct.

Reported by: Tim Wojtulewicz
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln-2022.xml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index e13d7d8ed980..317a49da5694 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,44 @@ + <vuln vid="60d4d31a-a573-41bd-8c1e-5af7513c1ee9"> + <topic>zeek -- potential DoS vulnerabilities</topic> + <affects> + <package> + <name>zeek</name> + <range><lt>5.0.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tim Wojtulewicz of Corelight reports:</p> + <blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.3"> + <p> Fix an issue where a specially-crafted FTP packet can + cause Zeek to spend large amounts of time attempting to + search for valid commands in the data stream. </p> + <p> Fix a possible overflow in the Zeek dictionary code + that may lead to a memory leak. </p> + <p> Fix an issue where a specially-crafted packet can + cause Zeek to spend large amounts of time reporting + analyzer violations. </p> + <p> Fix a possible assert and crash in the HTTP analyzer + when receiving a specially crafted packet. </p> + <p> Fix an issue where a specially-crafted HTTP or SMTP + packet can cause Zeek to spend a large amount of time + attempting to search for filenames within the packet data. + </p> + <p> Fix two separate possible crashes when converting + processed IP headers for logging via the raw_packet event + handlers. </p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/zeek/zeek/releases/tag/v5.0.3</url> + </references> + <dates> + <discovery>2022-11-09</discovery> + <entry>2022-11-09</entry> + </dates> + </vuln> + <vuln vid="9c399521-5f80-11ed-8ac4-b42e991fc52e"> <topic>darkhttpd -- DOS vulnerability</topic> <affects> |
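Review bot: the `<discovery>` date in the new zeek entry is 2022-11-09, identical to `<entry>` and to the date of this commit, so it looks like it was filled in from the commit date. If the v5.0.3 release referenced in `<url>` was published earlier, `<discovery>` should carry that date so that consumers of the entry see when the issues became public, and `<entry>` should stay as the day the record was added. A smaller style point in the same entry: the HTTP analyzer paragraph says "specially crafted packet" while the other paragraphs use "specially-crafted"; if the blockquote is meant to quote the release notes verbatim, match the upstream wording in each paragraph.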