Ettercap
CVE-2013-0722
MEDIUM
Severity by source
AV:L/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
AnalysisAI
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long. Rated medium severity (CVSS 4.4). Public exploit code available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line. Affected products include: Ettercap-Project Ettercap.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 a
The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-base
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attack
Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possi
The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to caus
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows r
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remot
Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (cras
Heap-based buffer overflow in Ettercap's GG protocol dissector (versions up to 0.8.3) allows remote attackers to potenti
Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segme
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today