zeek < 8.0.7 as vulnerable as per:
039d0a9ca807
Actions

Description

security/vuxml: Mark security/zeek < 8.0.7 as vulnerable as per:

https://github.com/zeek/zeek/releases/tag/v8.0.7

This release fixes the following potential DoS vulnerabilities:

A series of DNS messages containing long DNS compression chains can cause Zeek to spend a long time processing packets and potentially crash. Due to the fact that these packets can be received from remote hosts, this is a DoS risk.
A specially-crafted LDAP search request can cause Zeek to spend a long time processing the packet, resulting in Zeek silently dropping the LDAP analyzer for the connection. Due to the fact that these packets can be received from remote hosts, this is an evasion risk.
A specially-crafted series of ASN.1 messages in LDAP packets can cause Zeek to spend a long time processing the packets, resulting in Zeek silently dropping the LDAP analyzer for the connection. Due to the fact that these packets can be received from remote hosts, this is an evasion risk.

Reported by: Tim Wojtulewicz