Denial of Service Vulnerability in Ettercap 0.8.1 by Ettercap Team
CVE-2014-9378

Currently unrated

Key Information:

Vendor: Ettercap-project
Status: Ettercap
Vendor: CVE Published:; 19 December 2014

🔔 Create Ettercap-project Vulnerability Alert

What is CVE-2014-9378?

Ettercap 0.8.1 exhibits a vulnerability due to improper validation of return values, which can be exploited by remote attackers. By sending crafted inputs, specifically a manipulated name to the parse_line function in mdns_spoof/mdns_spoof.c or a specially formatted base64 encoded password to the dissector_imap function in dissectors/ec_imap.c, attackers can trigger a denial of service condition, potentially leading to a crash of the application or arbitrary code execution.

References

https://security.gentoo.org/glsa/201505-01

vendor-advisoryx_refsource_GENTOO

https://www.obrela.com/home/security-labs/advisories/osi-...

x_refsource_MISC

https://github.com/Ettercap/ettercap/pull/610

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2014
Vulnerability Reserved
Dec 11, 2014

CVE-2014-9378 Data

JSON