Vendor
An uncontrolled memory consumption vulnerability in the Zeek FTP analyzer, versions prior to 8.0.9, allows unauthenticated remote attackers to cause process termination and denial of service of the Zeek sensor. This occurs when a crafted FTP control session with AUTH GSSAPI and a large ADAT control line exploits the NVT_Analyzer component's lack of a maximum line length check, leading to an unbounded internal buffer during base64 decoding.