Skip to content
Commit 2986f76a authored by Craig Leres's avatar Craig Leres
Browse files

security/vuxml: Mark zeek < 5.0.7 as vulnerable as per: 

    https://github.com/zeek/zeek/releases/tag/v5.0.7

This release fixes the following potential DoS vulnerabilities:

 - Receiving DNS responses from async DNS requests (via the
   lookup_addr, etc BIF methods) with the TTL set to zero could
   cause the DNS manager to eventually stop being able to make new
   requests.

 - Specially-crafted FTP packets with excessively long usernames,
   passwords, or other fields could cause log writes to use large
   amounts of disk space.

 - The find_all and find_all_ordered BIF methods could take extremely
   large amounts of time to process incoming data depending on the
   size of the input.

Reported by:	Tim Wojtulewicz
parent 4b2680ed
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment