Multiple Off-by-One Vulnerabilities in Ethereal Product by Ethereal
CVE-2003-0356

9.8CRITICAL

Key Information:

Vendor

Ethereal Group

Status
Ethereal
Vendor
CVE Published:
9 June 2003

What is CVE-2003-0356?

Ethereal versions 0.9.11 and earlier are affected by multiple off-by-one vulnerabilities that allow remote attackers to trigger a denial of service and potentially execute arbitrary code. These vulnerabilities arise from improper handling of the tvb_get_nstringz and tvb_get_nstringz0 functions in several dissectors, including those for AIM, OSPF, PPTP, and others. Exploitation can compromise the integrity of the affected systems, underscoring the importance of timely updates and security measures.

References

http://www.kb.cert.org/vuls/id/641013
third-party-advisoryx_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2003-077.html
vendor-advisoryx_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

28% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2003-0356 : Multiple Off-by-One Vulnerabilities in Ethereal Product by Ethereal