CPE Details
Ettercap Project Ettercap 0.7.3
0.7.3
2020-02-26
12h30 +00:00
12h30 +00:00
2020-02-26
12h30 +00:00
12h30 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:ettercap-project:ettercap:0.7.3:*:*:*:*:*:*:*
Informations
Vendor
ettercap-projectProduct
ettercapVersion
0.7.3Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack. | 7.8 |
High |
||
| An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | 8.8 |
High |
||
| The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter. | 5.5 |
Medium |
||
| Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password. | 7.5 |
|||
| The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location. | 7.5 |
|||
| Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line. | 4.4 |
2025©
tesweb SA
