FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-24 11:27:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d47b7ae7-fe1d-4f7f-919a-480ca8035f00zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports:

The POP3 parser has been hardened to avoid unbounded state growth in the face of one-sided traffic capture or when enabled for non-POP3 traffic.


Discovery 2024-09-24
Entry 2024-09-24
zeek
< 7.0.2

https://github.com/zeek/zeek/releases/tag/v7.0.2
fe7031d3-3000-4b43-9fa6-52c2b624b8f9zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports:

Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or finishing commands based on invalid server responses could result in inconsistent analyzer state, potentially triggering null pointer references for crafted traffic.


Discovery 2024-10-05
Entry 2024-10-05
zeek
< 7.0.3

https://github.com/zeek/zeek/releases/tag/v7.0.3