FreeBSD : zeek -- NULL pointer dereference vulnerability (bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b)

Severity: High, Nessus Plugin ID 148930

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Jon Siwek of Corelight reports:

Fix NULL pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum]. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability.

Solution

Update the affected package.

See Also

https://github.com/zeek/zeek/releases/tag/v4.0.1

http://www.nessus.org/u?75396394

Plugin Details

Severity: High

ID: 148930

File Name: freebsd_pkg_bc83cfc942cf4b0097add352ba0c5e2b.nasl

Version: 1.1

Type: local

Published: 4/22/2021

Updated: 4/22/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:zeek, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/21/2021

Vulnerability Publication Date: 4/1/2021