Critical severity9.8NVD Advisory· Published Jun 9, 2003· Updated Apr 16, 2026

CVE-2003-0356

Description

Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.

Affected products

Ethereal/Ethereal
cpe:2.3:a:ethereal:ethereal:*:*:*:*:*:*:*:*
Range: <0.9.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2003/dsa-313nvdBroken LinkPatchVendor Advisory
www.ethereal.com/appnotes/enpa-sa-00009.htmlnvdBroken LinkPatchVendor Advisory
www.kb.cert.org/vuls/id/641013nvdThird Party AdvisoryUS Government Resource
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2003-077.htmlnvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.023
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000