Ettercap-project

Ettercap

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2010-3843

  • EPSS 0.05%
  • Published 28.05.2021 13:15:07
  • Last modified 21.11.2024 01:19:44

The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a ...

8.8

CVE-2010-3844

  • EPSS 0.53%
  • Published 12.11.2019 22:15:10
  • Last modified 21.11.2024 01:19:44

An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.

5.5

CVE-2017-6430

Exploit
  • EPSS 0.23%
  • Published 15.03.2017 15:59:01
  • Last modified 20.04.2025 01:37:25

The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.

5

CVE-2014-9381

  • EPSS 0.73%
  • Published 19.12.2014 15:59:31
  • Last modified 12.04.2025 10:46:40

Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.

5

CVE-2014-9380

  • EPSS 0.89%
  • Published 19.12.2014 15:59:30
  • Last modified 12.04.2025 10:46:40

The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.

7.5

CVE-2014-9379

  • EPSS 2.79%
  • Published 19.12.2014 15:59:29
  • Last modified 12.04.2025 10:46:40

The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a ...

7.5

CVE-2014-9378

  • EPSS 2.66%
  • Published 19.12.2014 15:59:28
  • Last modified 12.04.2025 10:46:40

Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 e...

7.5

CVE-2014-9376

  • EPSS 3.1%
  • Published 19.12.2014 15:59:27
  • Last modified 12.04.2025 10:46:40

Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length ...

7.5

CVE-2014-9377

  • EPSS 2.79%
  • Published 19.12.2014 15:59:27
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.

7.5

CVE-2014-6396

  • EPSS 2.82%
  • Published 19.12.2014 15:59:07
  • Last modified 12.04.2025 10:46:40

The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be writte...