v5.0.2
This release fixes the following security issues:
-
Fix a possible overflow and crash in the ICMP analyzer when receiving a
specially crafted packet. Due to the possibility of this happening with
packets received from the network, this is a potential DoS vulnerability. -
Fix a possible overflow and crash in the IRC analyzer when receiving a
specially crafted packet. Due to the possibility of this happening with
packets received from the network, this is a potential DoS vulnerability.
Note that this requires theirc_whois_channel_line
to be handled. This
event is not handled by default, so this is likely a low-severity issue. -
Fix a possible overflow and crash in the SMB analyzer when receiving a
specially crafted packet. Due to the possibility of this happening with
packets received from the network, this is a potential DoS vulnerability.
Note that this requires thesmb1_transaction_secondary_request
to be
handled. This event is not handled by default, so this is likely a
low-severity issue. -
Fix two possible crashes when converting IP headers for output via the
raw_packet
event. Due to the possibility of this happening with packets
received from the network, this is a potential DoS vulnerability. Note that
theraw_packet
event is not enabled by default so these are likely
low-severity issues.
This release fixes the following bugs:
-
Fix a bug that prevented Broker nodes to recover from OpenSSL errors.
-
Fix handling of buffer sizes that caused Broker to stall despite having
sufficient capacity. -
Fix an issue with signal handling that could prevent Zeek from exiting via
ctrl-c when reading scripts from stdin.