v4.0.6

@timwoj timwoj released this 21 Apr 22:27
· 5433 commits to master since this release

This release fixes the following security issues:

  • Fix potential unbounded state growth in the FTP analyzer when receiving
    a specially-crafted stream of commands. This may lead to a buffer overflow
    and cause Zeek to crash. Due to the possibility of this happening with
    packets received from the network, this is a potential DoS vulnerability.

    Thank you to Jason Ish at OISF for reporting this vulnerability.

This release fixes the following bugs:

  • Empty table constructors with &default attributes may cause a crash.

    18fe9d8

  • Fix a bug in ZAM when a function containing a loop is inlined.

  • Fix a number of bugs with robust dictionary iteration.

    #2040

  • Fix missing "Reporter" entries when reporting hooks via zeek -NN.

    #2052