Tag
CVE-2026-60109 - Zeek Kerberos Protocol Analyzer Null Pointer Dereference
1 TTP 1 CVEA null pointer dereference vulnerability (CVE-2026-60109) exists in Zeek's Kerberos protocol analyzer before version 8.0.9, allowing unauthenticated remote attackers to crash a Zeek sensor by sending a specially crafted KRB_ERROR message with error-code 25 and specific PA-DATA elements, leading to a denial-of-service condition.
CVE-2026-60108 - Zeek FTP Analyzer Uncontrolled Memory Consumption leading to DoS
1 TTP 1 CVEAn uncontrolled memory consumption vulnerability in the Zeek FTP analyzer, versions prior to 8.0.9, allows unauthenticated remote attackers to cause process termination and denial of service of the Zeek sensor. This occurs when a crafted FTP control session with AUTH GSSAPI and a large ADAT control line exploits the NVT_Analyzer component's lack of a maximum line length check, leading to an unbounded internal buffer during base64 decoding.