QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9376

Published: Dec 19, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_GENTOO

https://github.com/Ettercap/ettercap/pull/606

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/

x_refsource_MISC

https://github.com/Ettercap/ettercap/pull/602

x_refsource_CONFIRM

https://github.com/Ettercap/ettercap/pull/605

x_refsource_CONFIRM

20141216 "Ettercap 8.0 - 8.1" multiple vulnerabilities

mailing-list

x_refsource_BUGTRAQ

https://github.com/Ettercap/ettercap/pull/609

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.