https://github.com/zeek/zeek/releases/tag/v8.0.7
This release fixes the following potential DoS vulnerabilities:
- A series of DNS messages containing long DNS compression chains
can cause Zeek to spend a long time processing packets and
potentially crash. Due to the fact that these packets can be
received from remote hosts, this is a DoS risk.
- A specially-crafted LDAP search request can cause Zeek to spend
a long time processing the packet, resulting in Zeek silently
dropping the LDAP analyzer for the connection. Due to the fact
that these packets can be received from remote hosts, this is
an evasion risk.
- A specially-crafted series of ASN.1 messages in LDAP packets can
cause Zeek to spend a long time processing the packets, resulting
in Zeek silently dropping the LDAP analyzer for the connection.
Due to the fact that these packets can be received from remote
hosts, this is an evasion risk.
This release fixes the following bugs:
- Support for non-Broker cluster backends was added to the
cluster/experimental set of scripts.
- The SQLite storage backend now uses quick_check instead of
integrity_check in the default set of pragmas.
- The events ssl_extension_pre_shared_key_server_hello and
ssl_extension_pre_shared_key_client_hello can now be used
independently.
- The SSH analyzer now supports the ML-KEM family of key exchange
algorithms.
- A memory leak in the telemetry framework's process handling on
FreeBSD was fixed.
- ZeekJS was updated to v0.22.1.
Reported by: Tim Wojtulewicz
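
The first DoS item above concerns DNS name compression (RFC 1035 section 4.1.4). The following Python example was added here and is not Zeek's code or its fix: it decodes a name while enforcing a per-name pointer budget and backwards-only pointers. MAX_POINTER_HOPS, decode_name and pointer_chain are names and values assumed for this example.

```python
MAX_POINTER_HOPS = 16  # assumed budget for this example, not a Zeek setting
MAX_NAME_LEN = 255     # RFC 1035 limit on an encoded name

class DNSNameError(ValueError):
    """Malformed name, or a parsing budget was exceeded."""

def decode_name(msg, offset, max_hops=MAX_POINTER_HOPS):
    """Return (name, offset just past the name in the original record)."""
    labels, total, hops, end, pos = [], 0, 0, None, offset
    while True:
        if pos >= len(msg):
            raise DNSNameError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:              # compression pointer
            if pos + 1 >= len(msg):
                raise DNSNameError("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if end is None:
                end = pos + 2                  # record resumes after the first pointer
            hops += 1
            if hops > max_hops:                # bounds work spent on one name
                raise DNSNameError("too many compression pointers")
            if target >= pos:                  # forward/self pointers allow loops
                raise DNSNameError("pointer does not point backwards")
            pos = target
        elif length & 0xC0:                    # 0x40 and 0x80 are reserved
            raise DNSNameError("reserved label type")
        elif length == 0:                      # root label terminates the name
            return (".".join(labels) or "."), (pos + 1 if end is None else end)
        else:
            total += length + 1
            if total + 1 > MAX_NAME_LEN:
                raise DNSNameError("name longer than 255 octets")
            if pos + 1 + length > len(msg):
                raise DNSNameError("label runs past end of message")
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
            pos += 1 + length

# Constructed sample: 12-byte header, one full name, two compressed references.
SAMPLE = bytes(12) + b"\x03www\x07example\x03com\x00" + b"\xc0\x0c" + b"\x04mail\xc0\x10"

def pointer_chain(n):
    """Constructed test input: name 'a', then n pointers, each to the previous one."""
    msg, prev = bytes(12) + b"\x01a\x00", 12
    for _ in range(n):
        here = len(msg)
        msg += bytes([0xC0 | (prev >> 8), prev & 0xFF])
        prev = here
    return msg
```

The budget here is per name; a message carrying many compressed names still multiplies the work, so a parser also wants a per-message limit.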