security/vuxml: Mark zeek < 5.0.6 as vulnerable as per:

Description

https://github.com/zeek/zeek/releases/tag/v5.0.6

This release fixes the following potential DoS vulnerabilities:

  • A missing field in the SMB FSControl script-land record could cause a heap buffer overflow when receiving packets containing those header types.
  • Receiving a series of packets that start with HTTP/1.0 and then switch to HTTP/0.9 could cause Zeek to spend a large amount of time processing the packets.
  • Receiving large numbers of FTP commands sequentially from the network with bad data in them could cause Zeek to spend a large amount of time processing the packets, and generate a large amount of events.

Reported by: Tim Wojtulewicz

Details

Provenance
leres authored on Feb 1 2023, 7:04 PM
Parents
R11:790a53bad21e: graphics/fotoxx: update the port to version 23.1