FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- several potential DoS vulnerabilities

Affected packages
zeek < 4.0.2

Details

VuXML ID a550d62c-f78d-4407-97d9-93876b6741b9
Discovery 2021-04-30
Entry 2021-06-02

Tim Wojtulewicz of Corelight reports:

Fix potential Undefined Behavior in decode_netbios_name() and decode_netbios_name_type() BIFs. The latter has a possibility of a remote heap-buffer-overread, making this a potential DoS vulnerability.

Add some extra length checking when parsing Mobile IPv6 packets. Due to the possibility of reading invalid headers from remote sources, this is a potential DoS vulnerability.
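The report names the bug class but does not show the code. The following is an added example, not Zeek's code and not part of the original report: a length-checked decoder for an encoded NetBIOS name. It assumes the RFC 1001 first-level encoding (16 bytes carried as 32 characters in 'A'..'P', with the name type in the 16th byte); the function names and sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NB_ENCODED_LEN 32 /* assumed RFC 1001 layout: 16 bytes -> 32 chars */

/* Decode one pair of 'A'..'P' characters into a byte; -1 if out of range. */
static int nb_decode_pair(const uint8_t *p)
{
    if (p[0] < 'A' || p[0] > 'P' || p[1] < 'A' || p[1] > 'P')
        return -1;
    return ((p[0] - 'A') << 4) | (p[1] - 'A');
}

/* Name type = 16th decoded byte (chars 30 and 31); -1 if short or malformed. */
int nb_name_type(const uint8_t *enc, size_t len)
{
    if (enc == NULL || len < NB_ENCODED_LEN)
        return -1; /* without this check, enc[30] and enc[31] read past a short buffer */
    return nb_decode_pair(enc + 30);
}

/* Decode the 15 name bytes into out, trimming padding; returns length or -1. */
int nb_name(const uint8_t *enc, size_t len, char *out, size_t outsz)
{
    int n = 0;
    if (enc == NULL || out == NULL || len < NB_ENCODED_LEN || outsz < 16)
        return -1;
    for (size_t i = 0; i < 30; i += 2) {
        int b = nb_decode_pair(enc + i);
        if (b < 0) return -1;
        out[n++] = (char)b;
    }
    while (n > 0 && (out[n - 1] == ' ' || out[n - 1] == '\0'))
        n--;
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: "FRED" padded with spaces, type byte 0x20. */
    const uint8_t *enc = (const uint8_t *)"EGFCEFEECACACACACACACACACACACACA";
    char name[16];
    int n = nb_name(enc, strlen((const char *)enc), name, sizeof name);
    printf("full: len=%d name=%s type=0x%02x\n", n, name, nb_name_type(enc, 32));
    printf("truncated to 30 bytes: type=%d\n", nb_name_type(enc, 30));
}
```
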

References

URL https://github.com/zeek/zeek/releases/tag/v4.0.2