Integer Underflow Vulnerability in Ettercap from the Vendor
CVE-2014-9376

Currently unrated

Key Information:

Vendor: Ettercap-project
Status: Ettercap
Vendor: CVE Published:; 19 December 2014

🔔 Create Ettercap-project Vulnerability Alert

What is CVE-2014-9376?

An integer underflow in Ettercap version 0.8.1 poses significant risks by allowing remote attackers to exploit specific functions within the application. Attackers may use carefully crafted input to trigger an out-of-bounds write, resulting in a denial of service. This vulnerability is present in the dissector_dhcp function, the dissector_gg function, the get_decode_len function, and the dissector_TN3270 function, where inadequate validation of input values can lead to critical issues, including potential arbitrary code execution.

References

https://security.gentoo.org/glsa/201505-01

vendor-advisoryx_refsource_GENTOO

https://github.com/Ettercap/ettercap/pull/606

x_refsource_CONFIRM

http://www.securityfocus.com/bid/71696

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2014
Vulnerability Reserved
Dec 11, 2014

CVE-2014-9376 Data

JSON