
Zeek

v8.0.8 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

bro dfir ndr network-monitoring nsm pcap
security zeek

ReleasePort's take

Light signal

Zeek 8.0.8 addresses a MIME header DoS vulnerability, plus fixes for SQLite data isolation and table reallocation crashes.

Why it matters: The MIME header DoS affects deployments that parse untrusted network data; the fix adds a configurable byte limit. The SQLite isolation fix prevents data corruption. Evaluate for upgrade.

Summary

AI summary

CVE-2026‑XXXXX – DoS risk from crafted MIME headers mitigated with configurable max_header_bytes limit

Changes in this release

Security Medium

MIME header DoS vulnerability fixed via MIME::max_header_bytes limit

Source: llm_adapter@2026-05-21

Confidence: low

Dependency Medium

Spicy updated to version 1.14.1

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

SQLite storage backends no longer write data across unrelated backend handles

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Table code crash during reallocation failure on resize fixed

Source: llm_adapter@2026-05-21

Confidence: high

Full changelog

Thank you to Michael Dickenson for their contribution to this release.

This release fixes the following security issues:

  • A specially-crafted series of MIME headers sent via SMTP or HTTP could cause Zeek to use
    large amounts of memory and potentially crash. Due to the fact that these packets can be
    received from remote hosts, this is considered a DoS risk and is a high-severity
    vulnerability. The fix included is to add a new MIME::max_header_bytes script
    variable that sets the maximum size of a MIME header. If the limit is reached, a new
    exceeded_mime_max_header_bytes weird will be reported and the packet will not be
    processed any further.

This release fixes the following bugs:

  • SQLite storage backends no longer potentially write data into a single database file
    across multiple unrelated backend handles.

  • A crash in the table code was fixed if reallocation failed while resizing.

  • Spicy was updated to v1.14.1.

Security Fixes

  • CVE-2026-XXXXX — crafted MIME headers could cause high memory usage/DoS; mitigated by new MIME::max_header_bytes script variable and exceeded_mime_max_header_bytes weird
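
A triage sketch for the new weird, added here as an example and not part of the Zeek release notes or project code: it reads a weird.log in Zeek's default TSV layout and lists originators that tripped exceeded_mime_max_header_bytes repeatedly. The sample rows, the `min_hits` threshold and the function name are assumptions made for illustration.

```python
from collections import Counter

WEIRD_NAME = "exceeded_mime_max_header_bytes"  # weird name taken from the release notes

FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "name", "addl", "notice", "peer", "source"]

# Constructed rows (documentation address ranges), not captured traffic.
_ROWS = [
    ["1779350400.10", "Caaa01", "203.0.113.7", "40112", "192.0.2.25", "25", WEIRD_NAME, "-", "F", "zeek", "-"],
    ["1779350401.20", "Caaa02", "203.0.113.7", "40113", "192.0.2.25", "25", WEIRD_NAME, "-", "F", "zeek", "-"],
    ["1779350402.30", "Caaa03", "203.0.113.7", "40114", "192.0.2.80", "80", WEIRD_NAME, "-", "F", "zeek", "-"],
    ["1779350403.40", "Cbbb01", "198.51.100.9", "51000", "192.0.2.80", "80", WEIRD_NAME, "-", "F", "zeek", "-"],
    ["1779350404.50", "Caaa04", "203.0.113.7", "40115", "192.0.2.80", "80", "data_before_established", "-", "F", "zeek", "-"],
]
SAMPLE_WEIRD_LOG = "\n".join(
    ["#separator \\x09", "#path\tweird", "#fields\t" + "\t".join(FIELDS)]
    + ["\t".join(r) for r in _ROWS]
)


def mime_limit_hits(log_text, min_hits=2):
    """Return {originator: {"hits": n, "targets": [...]}} for hosts that
    triggered the MIME header limit weird at least min_hits times."""
    fields, hits, targets = [], Counter(), {}
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names follow the tag
            continue
        if not line or line.startswith("#"):
            continue  # other metadata lines (#separator, #types, #close, ...)
        row = dict(zip(fields, line.split("\t")))
        if row.get("name") != WEIRD_NAME:
            continue
        src = row.get("id.orig_h", "-")  # "-" is Zeek's unset-field marker
        hits[src] += 1
        dst = f'{row.get("id.resp_h", "-")}:{row.get("id.resp_p", "-")}'
        targets.setdefault(src, set()).add(dst)
    return {s: {"hits": n, "targets": sorted(targets[s])}
            for s, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for src, info in mime_limit_hits(SAMPLE_WEIRD_LOG).items():
        print(src, info["hits"], ", ".join(info["targets"]))
```

Repeated hits from one originator against SMTP or HTTP services are worth a closer look than a single oversized header, which can also come from a misbehaving client.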

About Zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Related context

Earlier breaking changes

  • v8.2.0 FreeBSD is no longer an officially‑supported platform (best‑effort only).
  • v8.2.0 Btest Traces library now uses .pcap and .pcapng suffixes.
  • v8.2.0 Minimum ZeroMQ version requirement increased to 4.3.0.
  • v8.2.0 FreeBSD support removed from official support, best-effort only.
  • v8.2.0 MetricsAddress default changed from 0.0.0.0 to 127.0.0.1.
