Zeek
Monthly
Denial of service in Zeek (formerly Bro) network security monitor before 8.0.9 lets remote unauthenticated attackers crash the sensor by sending a single crafted Kerberos KRB_ERROR packet. The flaw is a null pointer dereference (CWE-476) in the Kerberos analyzer's proc_padata() routine, reachable over UDP or TCP port 88 with no credentials. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial single-packet trigger and passive-monitoring exposure make it operationally significant for security teams running Zeek inline or on tapped traffic.
Denial of service in Zeek network security monitor (versions before 8.0.9) lets unauthenticated remote attackers crash the sensor by driving unbounded memory growth in the FTP protocol analyzer. By opening an FTP control session, negotiating AUTH GSSAPI, and sending an oversized ADAT control line, an attacker forces the NVT_Analyzer to repeatedly double its base64-decode buffer until the process is terminated. VulnCheck reported the issue; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-facing, unauthenticated, low-complexity nature makes it a high-availability risk for exposed monitoring infrastructure.
An issue was discovered in zeek version 4.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of service in Zeek (formerly Bro) network security monitor before 8.0.9 lets remote unauthenticated attackers crash the sensor by sending a single crafted Kerberos KRB_ERROR packet. The flaw is a null pointer dereference (CWE-476) in the Kerberos analyzer's proc_padata() routine, reachable over UDP or TCP port 88 with no credentials. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial single-packet trigger and passive-monitoring exposure make it operationally significant for security teams running Zeek inline or on tapped traffic.
Denial of service in Zeek network security monitor (versions before 8.0.9) lets unauthenticated remote attackers crash the sensor by driving unbounded memory growth in the FTP protocol analyzer. By opening an FTP control session, negotiating AUTH GSSAPI, and sending an oversized ADAT control line, an attacker forces the NVT_Analyzer to repeatedly double its base64-decode buffer until the process is terminated. VulnCheck reported the issue; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-facing, unauthenticated, low-complexity nature makes it a high-availability risk for exposed monitoring infrastructure.
An issue was discovered in zeek version 4.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.