Skip to main content

Zeek

4 CVEs product

Monthly

CVE-2026-60109 HIGH PATCH This Week

Denial of service in Zeek (formerly Bro) network security monitor before 8.0.9 lets remote unauthenticated attackers crash the sensor by sending a single crafted Kerberos KRB_ERROR packet. The flaw is a null pointer dereference (CWE-476) in the Kerberos analyzer's proc_padata() routine, reachable over UDP or TCP port 88 with no credentials. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial single-packet trigger and passive-monitoring exposure make it operationally significant for security teams running Zeek inline or on tapped traffic.

Denial Of Service Null Pointer Dereference Zeek
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-60108 HIGH PATCH This Week

Denial of service in Zeek network security monitor (versions before 8.0.9) lets unauthenticated remote attackers crash the sensor by driving unbounded memory growth in the FTP protocol analyzer. By opening an FTP control session, negotiating AUTH GSSAPI, and sending an oversized ADAT control line, an attacker forces the NVT_Analyzer to repeatedly double its base64-decode buffer until the process is terminated. VulnCheck reported the issue; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-facing, unauthenticated, low-complexity nature makes it a high-availability risk for exposed monitoring infrastructure.

Denial Of Service Zeek
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2021-41732 HIGH POC This Week

An issue was discovered in zeek version 4.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Zeek
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-12175 HIGH This Week

In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zeek
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Denial of service in Zeek (formerly Bro) network security monitor before 8.0.9 lets remote unauthenticated attackers crash the sensor by sending a single crafted Kerberos KRB_ERROR packet. The flaw is a null pointer dereference (CWE-476) in the Kerberos analyzer's proc_padata() routine, reachable over UDP or TCP port 88 with no credentials. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial single-packet trigger and passive-monitoring exposure make it operationally significant for security teams running Zeek inline or on tapped traffic.

Denial Of Service Null Pointer Dereference Zeek
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Zeek network security monitor (versions before 8.0.9) lets unauthenticated remote attackers crash the sensor by driving unbounded memory growth in the FTP protocol analyzer. By opening an FTP control session, negotiating AUTH GSSAPI, and sending an oversized ADAT control line, an attacker forces the NVT_Analyzer to repeatedly double its base64-decode buffer until the process is terminated. VulnCheck reported the issue; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-facing, unauthenticated, low-complexity nature makes it a high-availability risk for exposed monitoring infrastructure.

Denial Of Service Zeek
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in zeek version 4.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Zeek
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zeek
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy