Denial of Service Vulnerability in Ettercap by Cert-NG
CVE-2014-9380

Currently unrated

Key Information:

Vendor: Ettercap-project
Status: Ettercap
Vendor: CVE Published:; 19 December 2014

🔔 Create Ettercap-project Vulnerability Alert

What is CVE-2014-9380?

The dissector_cvs function in Ettercap version 0.8.1 has a vulnerability that allows remote attackers to exploit an out-of-bounds read condition. By sending a specially crafted packet containing only a CVS_LOGIN signature, attackers can trigger a denial of service, disrupting the functionality of the software and potentially leading to further exploitation. It is crucial for users of Ettercap to apply necessary patches and updates to mitigate this risk and protect their systems.

References

https://security.gentoo.org/glsa/201505-01

vendor-advisoryx_refsource_GENTOO

https://github.com/Ettercap/ettercap/pull/608

x_refsource_CONFIRM

https://www.obrela.com/home/security-labs/advisories/osi-...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2014
Vulnerability Reserved
Dec 11, 2014

CVE-2014-9380 Data

JSON