v4.0.6
This release fixes the following security issues:
-
Fix potential unbounded state growth in the FTP analyzer when receiving
a specially-crafted stream of commands. This may lead to a buffer overflow
and cause Zeek to crash. Due to the possibility of this happening with
packets received from the network, this is a potential DoS vulnerabilty.Thank you to Jason Ish at OISF for reporting this vulnerability.
This release fixes the following bugs: