Integer Overflow Vulnerability in Ettercap's Password Handling
CVE-2014-9381

Currently unrated

Key Information:

Vendor: Ettercap-project
Status: Ettercap
Vendor: CVE Published:; 19 December 2014

🔔 Create Ettercap-project Vulnerability Alert

What is CVE-2014-9381?

An integer signedness error in the dissector_cvs function within the codebase of Ettercap 0.8.1 allows remote attackers to exploit this vulnerability by sending specially crafted passwords. This can result in a denial of service due to an excessive memory allocation, causing the application to crash. It is crucial for users of this software to evaluate their security posture and apply necessary updates to mitigate the risk.

References

https://security.gentoo.org/glsa/201505-01

vendor-advisoryx_refsource_GENTOO

https://www.obrela.com/home/security-labs/advisories/osi-...

x_refsource_MISC

http://www.securityfocus.com/bid/71693

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2014
Vulnerability Reserved
Dec 11, 2014

CVE-2014-9381 Data

JSON