Heap-based Buffer Overflow in Ettercap Dissector for PostgreSQL
CVE-2014-6395

Currently unrated

Key Information:

Vendor: Ettercap-project
Status: Ettercap
Vendor: CVE Published:; 19 December 2014

🔔 Create Ettercap-project Vulnerability Alert

What is CVE-2014-6395?

A heap-based buffer overflow vulnerability exists in the dissector_postgresql function within Ettercap versions prior to 0.8.1. This flaw allows remote attackers to exploit a discrepancy between the expected and actual password length values, potentially leading to a denial of service or arbitrary code execution. Users of the affected product are encouraged to upgrade to the latest version to mitigate the risks associated with this vulnerability.

References

https://security.gentoo.org/glsa/201505-01

vendor-advisoryx_refsource_GENTOO

http://www.securityfocus.com/bid/71689

vdb-entryx_refsource_BID

https://www.obrela.com/home/security-labs/advisories/osi-...

x_refsource_MISC

EPSS Score

26% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2014
Vulnerability Reserved
Sep 15, 2014

CVE-2014-6395 Data

JSON