FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-24 11:27:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fe7031d3-3000-4b43-9fa6-52c2b624b8f9	zeek -- potential DoS vulnerability Tim Wojtulewicz of Corelight reports: Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or finishing commands based on invalid server responses could result in inconsistent analyzer state, potentially triggering null pointer references for crafted traffic. Discovery 2024-10-05 Entry 2024-10-05 zeek < 7.0.3 https://github.com/zeek/zeek/releases/tag/v7.0.3

VuXML ID

Description

fe7031d3-3000-4b43-9fa6-52c2b624b8f9

zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports:

Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or finishing commands based on invalid server responses could result in inconsistent analyzer state, potentially triggering null pointer references for crafted traffic.

Discovery 2024-10-05
Entry 2024-10-05
zeek

< 7.0.3

https://github.com/zeek/zeek/releases/tag/v7.0.3