Ethereal
Source repositories
CVEs (137)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0430 | 0.00 | — | 0.02 | Jul 24, 2003 | The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value. | |||
| CVE-2003-0431 | 0.00 | — | 0.02 | Jul 24, 2003 | The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. | |||
| CVE-2003-0429 | 0.00 | — | 0.05 | Jul 24, 2003 | The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow. | |||
| CVE-2003-0432 | 0.00 | — | 0.02 | Jul 24, 2003 | Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. | |||
| CVE-2003-0428 | 0.00 | — | 0.04 | Jul 24, 2003 | Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string. | |||
| CVE-2003-0159 | 0.00 | — | 0.04 | Apr 2, 2003 | Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||
| CVE-2003-0081 | 0.00 | — | 0.06 | Mar 18, 2003 | Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. | |||
| CVE-2002-1356 | 0.00 | — | 0.03 | Dec 23, 2002 | Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages. | |||
| CVE-2002-1355 | 0.00 | — | 0.02 | Dec 23, 2002 | Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages. | |||
| CVE-2002-0834 | 0.00 | — | 0.02 | Sep 24, 2002 | Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | |||
| CVE-2002-0821 | 0.00 | — | 0.03 | Aug 12, 2002 | Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | |||
| CVE-2002-0822 | 0.00 | — | 0.01 | Aug 12, 2002 | Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | |||
| CVE-2002-0353 | 0.00 | — | 0.03 | Jun 25, 2002 | The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields. | |||
| CVE-2002-0404 | 0.00 | — | 0.02 | Jun 18, 2002 | Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). | |||
| CVE-2002-0403 | 0.00 | — | 0.02 | Jun 18, 2002 | DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. | |||
| CVE-2002-0402 | 0.00 | — | 0.05 | Jun 18, 2002 | Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. | |||
| CVE-1999-1227 | 0.00 | — | 0.00 | Jul 30, 1999 | Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file. |
- CVE-2003-0430Jul 24, 2003risk 0.00cvss —epss 0.02
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.
- CVE-2003-0431Jul 24, 2003risk 0.00cvss —epss 0.02
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.
- CVE-2003-0429Jul 24, 2003risk 0.00cvss —epss 0.05
The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.
- CVE-2003-0432Jul 24, 2003risk 0.00cvss —epss 0.02
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.
- CVE-2003-0428Jul 24, 2003risk 0.00cvss —epss 0.04
Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.
- CVE-2003-0159Apr 2, 2003risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
- CVE-2003-0081Mar 18, 2003risk 0.00cvss —epss 0.06
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
- CVE-2002-1356Dec 23, 2002risk 0.00cvss —epss 0.03
Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages.
- CVE-2002-1355Dec 23, 2002risk 0.00cvss —epss 0.02
Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages.
- CVE-2002-0834Sep 24, 2002risk 0.00cvss —epss 0.02
Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.
- CVE-2002-0821Aug 12, 2002risk 0.00cvss —epss 0.03
Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.
- CVE-2002-0822Aug 12, 2002risk 0.00cvss —epss 0.01
Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.
- CVE-2002-0353Jun 25, 2002risk 0.00cvss —epss 0.03
The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields.
- CVE-2002-0404Jun 18, 2002risk 0.00cvss —epss 0.02
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).
- CVE-2002-0403Jun 18, 2002risk 0.00cvss —epss 0.02
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.
- CVE-2002-0402Jun 18, 2002risk 0.00cvss —epss 0.05
Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.
- CVE-1999-1227Jul 30, 1999risk 0.00cvss —epss 0.00
Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file.
Page 7 of 7