diff options
| author | Craig Leres <leres@FreeBSD.org> | 2023-04-11 23:16:37 -0700 |
|---|---|---|
| committer | Craig Leres <leres@FreeBSD.org> | 2023-04-11 23:16:37 -0700 |
| commit | 8045c67d846f4264582d0833fbd114363e05cf27 (patch) | |
| tree | 938f895f7fcf11d432576aedb9a7419efc1b54d9 /math/form | |
| parent | deskutils/timewarrior: Update version 1.4.3=>1.5.0 (diff) | |
security/vuxml: Mark zeek < 5.0.8 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.8
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted stream of FTP packets containing a command
reply with many intermediate lines can cause Zeek to spend a
large amount of time processing data.
- A specially-crafted set of packets containing extremely large
file offsets cause cause the reassembler code to allocate large
amounts of memory.
- The DNS manager does not correctly expire responses that don't
contain any data, such those containing NXDOMAIN or NODATA status
codes. This can lead to Zeek allocating large amounts of memory
for these responses and never deallocating them.
- A specially-crafted stream of RDP packets can cause Zeek to spend
large protocol validation.
- A specially-crafted stream of SMTP packets can cause Zeek to
spend large amounts of time processing data.
Reported by: Tim Wojtulewicz
Diffstat (limited to 'math/form')
0 files changed, 0 insertions, 0 deletions