FreeBSD : zeek -- potential DoS vulnerabilities (8eefa87f-31f1-496d-bf8e-2b465b6e4e8a)

high Nessus Plugin ID 181322



The remote FreeBSD host is missing one or more security-related updates.


The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8eefa87f-31f1-496d-bf8e-2b465b6e4e8a advisory.

- Tim Wojtulewicz of Corelight reports: File extraction limits were not correctly enforced for files containing large amounts of missing bytes. Sessions are sometimes not cleaned up completely within Zeek during shutdown, potentially causing a crash when using the -B dpd flag for debug logging. A specially-crafted HTTP packet can cause Zeek's filename extraction code to take a long time to process the data. A specially-crafted series of FTP packets made up of a CWD request followed by a large amount of ERPT requests may cause Zeek to spend a long time logging the commands. A specially-crafted VLAN packet can cause Zeek to overflow memory and potentially crash. (8eefa87f-31f1-496d-bf8e-2b465b6e4e8a)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 181322

File Name: freebsd_pkg_8eefa87f31f1496dbf8e2b465b6e4e8a.nasl

Version: 1.0

Type: local

Published: 9/12/2023

Updated: 9/12/2023

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:zeek, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 9/12/2023

Vulnerability Publication Date: 9/12/2023