Denial of Service Vulnerability in Ethereal by Ethereal Software
CVE-2004-0365

7.5HIGH

Key Information:

Vendor

Ethereal Group

Status
Ethereal
Vendor
CVE Published:
4 May 2004

What is CVE-2004-0365?

The dissect_attribute_value_pairs function in the Ethereal network protocol analyzer versions ranging from 0.8.13 to 0.10.2 is vulnerable to a Denial of Service attack. This vulnerability can be exploited by remote attackers who send specially crafted RADIUS packets, leading to a null dereference that causes the application to crash. Users of affected versions are advised to upgrade to the latest version to mitigate this serious issue.

References

http://security.gentoo.org/glsa/glsa-200403-07.xml
vendor-advisoryx_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2004-137.html
vendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2004-136.html
vendor-advisoryx_refsource_REDHAT

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.