Ettercap
CVE-2014-9381
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.
AnalysisAI
Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-189. Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation. Affected products include: Ettercap-Project Ettercap.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 a
The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-base
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attack
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow loc
Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possi
The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to caus
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows r
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remot
Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (cras
Heap-based buffer overflow in Ettercap's GG protocol dissector (versions up to 0.8.3) allows remote attackers to potenti
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segme
Same weakness CWE-189 – Numeric Errors
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today