5 matches found
CVE-2026-60108
Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...
EUVD-2026-42597
Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...
CVE-2026-60108
Zeek prior to 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer. An unauthenticated remote attacker can trigger a DoS by initiating an FTP control session that negotiates AUTH GSSAPI, then sends a large ADAT control line. The NVT_Analyzer does not enforce a maxim...
zeek -- potential DoS vulnerabilty
Tim Wojtulewicz of Corelight reports: Fix potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands. This may lead to a buffer overflow and cause Zeek to crash. Due to the possibility of this happening with packets received from the network, this i...
FreeBSD : zeek -- potential DoS vulnerabilty (a00c76d9-0c05-4d99-bef7-ae4521cb2a4d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a00c76d9-0c05-4d99-bef7-ae4521cb2a4d advisory. - Tim Wojtulewicz of Corelight reports: Fix potential unbounded state growth in the FTP analyzer when...