VYPR
Vendor

Bro

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2015-1522HigApr 24, 2017
    risk 0.42cvss 7.5epss 0.02

    analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet.

  • CVE-2015-1521HigApr 24, 2017
    risk 0.42cvss 7.5epss 0.02

    analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet.

  • CVE-2023-43955CriDec 27, 2023
    risk 0.00cvss 9.8epss 0.01

    The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.

  • CVE-2018-17019HigSep 13, 2018
    risk 0.00cvss 7.5epss 0.01

    In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc.

  • CVE-2018-16807HigSep 11, 2018
    risk 0.00cvss 7.5epss 0.01

    In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser.

  • CVE-2017-1000458CriJan 2, 2018
    risk 0.00cvss 9.8epss 0.02

    Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.