CVE-2014-9381 - Vulnerability Details - OpenCVE

Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ettercap-project	Ettercap

Configuration 1 [-]

cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/534248/100/0/threaded
http://www.securityfocus.com/bid/71693
https://github.com/Ettercap/ettercap/pull/609
https://security.gentoo.org/glsa/201505-01
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-19T15:00:00

Updated: 2024-08-06T13:40:25.164Z

Reserved: 2014-12-11T00:00:00

Link: CVE-2014-9381

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-12-19T15:59:31.567

Modified: 2024-11-21T02:20:44.683

Link: CVE-2014-9381

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201505-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201505-01"}, {"tags": ["x_refsource_MISC"], "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}, {"name": "71693", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71693"}, {"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ettercap/ettercap/pull/609"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9381", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201505-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201505-01"}, {"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/", "refsource": "MISC", "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}, {"name": "71693", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71693"}, {"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"name": "https://github.com/Ettercap/ettercap/pull/609", "refsource": "CONFIRM", "url": "https://github.com/Ettercap/ettercap/pull/609"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:25.164Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201505-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201505-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}, {"name": "71693", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71693"}, {"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Ettercap/ettercap/pull/609"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9381", "datePublished": "2014-12-19T15:00:00", "dateReserved": "2014-12-11T00:00:00", "dateUpdated": "2024-08-06T13:40:25.164Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ettercap-project:ettercap:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B757BFA2-DFC1-4DB8-B838-25082E9EBB6F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation."}, {"lang": "es", "value": "Error de entero sin signo en la funci\u00f3n dissector_cvs en dissectors/ec_cvs.c en Ettercap 0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una contrase\u00f1a manipulada que desencadena una asignaci\u00f3n larga de memoria."}], "id": "CVE-2014-9381", "lastModified": "2024-11-21T02:20:44.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-19T15:59:31.567", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/71693"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/Ettercap/ettercap/pull/609"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201505-01"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/71693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/Ettercap/ettercap/pull/609"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201505-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}