Etherealgroup Ethereal

Do you want an email whenever new security vulnerabilities are reported in Etherealgroup Ethereal?

By the Year

In 2024 there have been 0 vulnerabilities in Etherealgroup Ethereal . Ethereal did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	0	0.00

It may take a day or so for new Ethereal vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Etherealgroup Ethereal Security Vulnerabilities

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14

CVE-2006-1933 - April 25, 2006

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors.

Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors.

CVE-2006-1932 - April 25, 2006

Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors.

Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14

CVE-2006-1940 - April 25, 2006

Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.

Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14

CVE-2006-1939 - April 25, 2006

Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors.

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14

CVE-2006-1938 - April 25, 2006

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector.

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14

CVE-2006-1937 - April 25, 2006

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.

Buffer overflow in Ethereal 0.8.5 up to 0.10.14

CVE-2006-1936 - April 25, 2006

Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector.

Buffer overflow in Ethereal 0.9.15 up to 0.10.14

CVE-2006-1935 - April 25, 2006

Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.

Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14

CVE-2006-1934 - April 25, 2006

Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.

Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13

CVE-2005-4585 - December 29, 2005

Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions

CVE-2005-3651 - December 10, 2005

Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets.

The IRC protocol dissector in Ethereal 0.10.13

CVE-2005-3313 - November 01, 2005

The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop).

Ethereal 0.10.12 and earlier

CVE-2005-3242 - October 27, 2005

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled.

Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors

CVE-2005-3249 - October 27, 2005

Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer.

Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier

CVE-2005-3248 - October 27, 2005

Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) via unknown vectors.

The SigComp UDVM in Ethereal 0.10.12

CVE-2005-3247 - October 27, 2005

The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Ethereal 0.10.12 and earlier

CVE-2005-3246 - October 27, 2005

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors.

Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled

CVE-2005-3245 - October 27, 2005

Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption).

The BER dissector in Ethereal 0.10.3 to 0.10.12

CVE-2005-3244 - October 27, 2005

The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Multiple buffer overflows in Ethereal 0.10.12 and earlier might

CVE-2005-3243 - October 27, 2005

Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector.

Multiple vulnerabilities in Ethereal 0.10.12 and earlier

CVE-2005-3241 - October 27, 2005

Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors in the (1) ISAKMP, (2) FC-FCS, (3) RSVP, and (4) ISIS LSP dissector.

Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal

CVE-2005-3184 - October 20, 2005

Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote attackers to execute arbitrary code via a srvloc packet with a modified length value.

Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11

CVE-2005-2363 - August 10, 2005

Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors

CVE-2005-2367 - August 10, 2005

Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.

Unknown vulnerability in the BER dissector in Ethereal 0.10.11

CVE-2005-2366 - August 10, 2005

Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors.

Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11

CVE-2005-2365 - August 10, 2005

Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors.

Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets

CVE-2005-2364 - August 10, 2005

Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference.

Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11

CVE-2005-2360 - August 10, 2005

Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors.

Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11

CVE-2005-2361 - August 10, 2005

Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors.

Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11

CVE-2005-2362 - August 10, 2005

Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.

Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11

CVE-2005-1456 - May 05, 2005

Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort).

Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11

CVE-2005-1470 - May 05, 2005

Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.

Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11

CVE-2005-1469 - May 05, 2005

Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 allows remote attackers to cause the dissector to access an invalid pointer.

Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors

CVE-2005-1468 - May 05, 2005

Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference.

Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11

CVE-2005-1467 - May 05, 2005

Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors.

Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11

CVE-2005-1466 - May 05, 2005

Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors.

Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11

CVE-2005-1465 - May 05, 2005

Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop).

Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4) EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal before 0.10.11

CVE-2005-1464 - May 05, 2005

Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4) EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (infinite loop).

Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may

CVE-2005-1463 - May 05, 2005

Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.

Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may

CVE-2005-1462 - May 05, 2005

Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.

Buffer Overflow

Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11

CVE-2005-1461 - May 05, 2005

Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Multiple unknown dissectors in Ethereal before 0.10.11

CVE-2005-1460 - May 05, 2005

Multiple unknown dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error) via an invalid protocol tree item length.

Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11

CVE-2005-1459 - May 05, 2005

Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error).

Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.

CVE-2005-1458 - May 05, 2005

Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.

Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreChannel, (4) GSM_MAP, (5) SRVLOC, and (6) NTLMSSP dissectors in Ethereal before 0.10.11

CVE-2005-1457 - May 05, 2005

Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreChannel, (4) GSM_MAP, (5) SRVLOC, and (6) NTLMSSP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash).

The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled

CVE-2005-0705 - May 02, 2005

The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash).

Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9

CVE-2005-0704 - May 02, 2005

Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values

CVE-2005-0739 - May 02, 2005

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.

Numeric Errors

Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9

CVE-2005-0766 - May 02, 2005

Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash).

Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption

CVE-2005-0008 - May 02, 2005

Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."

Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8

CVE-2005-0010 - May 02, 2005

Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory.

Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8

CVE-2005-0009 - May 02, 2005

Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).

Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8

CVE-2005-0007 - May 02, 2005

Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion).

The COPS dissector in Ethereal 0.10.6 through 0.10.8

CVE-2005-0006 - May 02, 2005

The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).

Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8

CVE-2005-0084 - May 02, 2005

Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet.

Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9

CVE-2005-0765 - March 12, 2005

Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).

Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier

CVE-2005-0699 - March 08, 2005

Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.

Ethereal 0.9.0 through 0.10.7

CVE-2004-1140 - December 31, 2004

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.

The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet

CVE-2004-1141 - December 31, 2004

The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.

Unknown vulnerability in Ethereal 0.8.13 to 0.10.2

CVE-2004-1761 - December 31, 2004

Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file.

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7

CVE-2004-1139 - December 15, 2004

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

Ethereal 0.9.0 through 0.10.7

CVE-2004-1142 - December 15, 2004

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

The iSNS dissector for Ethereal 0.10.3 through 0.10.4

CVE-2004-0633 - December 06, 2004

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

The SNMP dissector in Ethereal 0.8.15 through 0.10.4

CVE-2004-0635 - December 06, 2004

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4

CVE-2004-0634 - December 06, 2004

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash)

CVE-2004-0504 - August 18, 2004

Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.

The AIM dissector in Ethereal 0.10.3

CVE-2004-0505 - August 18, 2004

The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.

The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors

CVE-2004-0506 - August 18, 2004

The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.

Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3

CVE-2004-0507 - August 18, 2004

Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2

CVE-2004-0176 - May 04, 2004

Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.

Ethereal 0.10.1 to 0.10.2

CVE-2004-0367 - May 04, 2004

Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector.

The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet

CVE-2003-1012 - January 05, 2004

The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.

Buffer overflow in Ethereal 0.9.15 and earlier

CVE-2003-0925 - December 01, 2003

Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.

Heap-based buffer overflow in Ethereal 0.9.15 and earlier

CVE-2003-0927 - December 01, 2003

Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.

Ethereal 0.9.15 and earlier, and Tethereal

CVE-2003-0926 - December 01, 2003

Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets.

Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier

CVE-2003-0428 - July 24, 2003

Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.

The OSI dissector in Ethereal 0.9.12 and earlier

CVE-2003-0429 - July 24, 2003

The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.

The SPNEGO dissector in Ethereal 0.9.12 and earlier

CVE-2003-0430 - July 24, 2003

The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size

CVE-2003-0431 - July 24, 2003

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.

Ethereal 0.9.12 and earlier does not handle certain strings properly

CVE-2003-0432 - July 24, 2003

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.

Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier

CVE-2003-0356 9.8 - Critical - June 09, 2003

Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.

off-by-five

Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier

CVE-2003-0357 - June 09, 2003

Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.

Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier

CVE-2003-0159 - April 02, 2003

Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9

CVE-2003-0081 - March 18, 2003

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.

Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier

CVE-2002-1355 - December 23, 2002

Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages.

Ethereal 0.9.7 and earlier

CVE-2002-1356 - December 23, 2002

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages.

Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier

CVE-2002-0834 - September 24, 2002

Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.

Buffer overflows in Ethereal 0.9.4 and earlier

CVE-2002-0821 - August 12, 2002

Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.

Ethereal 0.9.4 and earlier

CVE-2002-0822 - August 12, 2002

Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.

The ASN.1 parser in Ethereal 0.9.2 and earlier

CVE-2002-0353 - June 25, 2002

The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields.

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets

CVE-2002-0401 7.5 - High - June 18, 2002

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

NULL Pointer Dereference

Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier

CVE-2002-0402 - June 18, 2002

Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.

DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet

CVE-2002-0403 - June 18, 2002

DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.

Vulnerability in GIOP dissector in Ethereal before 0.9.3

CVE-2002-0404 - June 18, 2002

Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).

Ethereal allows local users to overwrite arbitrary files

CVE-1999-1227 - July 30, 1999

Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Etherealgroup Ethereal or by Etherealgroup? Click the Watch button to subscribe.

Etherealgroup
Vendor

Etherealgroup Ethereal
Product

Etherealgroup Ethereal

By the Year

Recent Etherealgroup Ethereal Security Vulnerabilities

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 CVE-2006-1933 - April 25, 2006

Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors. CVE-2006-1932 - April 25, 2006

Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 CVE-2006-1940 - April 25, 2006

Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 CVE-2006-1939 - April 25, 2006

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 CVE-2006-1938 - April 25, 2006

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 CVE-2006-1937 - April 25, 2006

Buffer overflow in Ethereal 0.8.5 up to 0.10.14 CVE-2006-1936 - April 25, 2006

Buffer overflow in Ethereal 0.9.15 up to 0.10.14 CVE-2006-1935 - April 25, 2006

Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 CVE-2006-1934 - April 25, 2006

Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 CVE-2005-4585 - December 29, 2005

Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions CVE-2005-3651 - December 10, 2005

The IRC protocol dissector in Ethereal 0.10.13 CVE-2005-3313 - November 01, 2005

Ethereal 0.10.12 and earlier CVE-2005-3242 - October 27, 2005

Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors CVE-2005-3249 - October 27, 2005

Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier CVE-2005-3248 - October 27, 2005

The SigComp UDVM in Ethereal 0.10.12 CVE-2005-3247 - October 27, 2005

Ethereal 0.10.12 and earlier CVE-2005-3246 - October 27, 2005

Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled CVE-2005-3245 - October 27, 2005

The BER dissector in Ethereal 0.10.3 to 0.10.12 CVE-2005-3244 - October 27, 2005

Multiple buffer overflows in Ethereal 0.10.12 and earlier might CVE-2005-3243 - October 27, 2005

Multiple vulnerabilities in Ethereal 0.10.12 and earlier CVE-2005-3241 - October 27, 2005

Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal CVE-2005-3184 - October 20, 2005

Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 CVE-2005-2363 - August 10, 2005

Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors CVE-2005-2367 - August 10, 2005

Unknown vulnerability in the BER dissector in Ethereal 0.10.11 CVE-2005-2366 - August 10, 2005

Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 CVE-2005-2365 - August 10, 2005

Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets CVE-2005-2364 - August 10, 2005

Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 CVE-2005-2360 - August 10, 2005

Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 CVE-2005-2362 - August 10, 2005

Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 CVE-2005-1456 - May 05, 2005

Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 CVE-2005-1470 - May 05, 2005

Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 CVE-2005-1469 - May 05, 2005

Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors CVE-2005-1468 - May 05, 2005

Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 CVE-2005-1467 - May 05, 2005

Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 CVE-2005-1466 - May 05, 2005

Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 CVE-2005-1465 - May 05, 2005

Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4) EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal before 0.10.11 CVE-2005-1464 - May 05, 2005

Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may CVE-2005-1463 - May 05, 2005

Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may CVE-2005-1462 - May 05, 2005

Multiple unknown dissectors in Ethereal before 0.10.11 CVE-2005-1460 - May 05, 2005

Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 CVE-2005-1459 - May 05, 2005

Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors. CVE-2005-1458 - May 05, 2005

Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreChannel, (4) GSM_MAP, (5) SRVLOC, and (6) NTLMSSP dissectors in Ethereal before 0.10.11 CVE-2005-1457 - May 05, 2005

The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled CVE-2005-0705 - May 02, 2005

Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 CVE-2005-0704 - May 02, 2005

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values CVE-2005-0739 - May 02, 2005

Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 CVE-2005-0766 - May 02, 2005

Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption CVE-2005-0008 - May 02, 2005

Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 CVE-2005-0010 - May 02, 2005

Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 CVE-2005-0009 - May 02, 2005

Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 CVE-2005-0007 - May 02, 2005

The COPS dissector in Ethereal 0.10.6 through 0.10.8 CVE-2005-0006 - May 02, 2005

Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 CVE-2005-0084 - May 02, 2005

Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 CVE-2005-0765 - March 12, 2005

Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier CVE-2005-0699 - March 08, 2005

Ethereal 0.9.0 through 0.10.7 CVE-2004-1140 - December 31, 2004

The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet CVE-2004-1141 - December 31, 2004

Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 CVE-2004-1761 - December 31, 2004

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 CVE-2004-1139 - December 15, 2004

Ethereal 0.9.0 through 0.10.7 CVE-2004-1142 - December 15, 2004

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 CVE-2004-0633 - December 06, 2004

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 CVE-2004-0635 - December 06, 2004

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 CVE-2004-0634 - December 06, 2004

Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) CVE-2004-0504 - August 18, 2004

The AIM dissector in Ethereal 0.10.3 CVE-2004-0505 - August 18, 2004

The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors CVE-2004-0506 - August 18, 2004

Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 CVE-2004-0507 - August 18, 2004

Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 CVE-2004-0176 - May 04, 2004

Ethereal 0.10.1 to 0.10.2 CVE-2004-0367 - May 04, 2004

The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet CVE-2003-1012 - January 05, 2004

Buffer overflow in Ethereal 0.9.15 and earlier CVE-2003-0925 - December 01, 2003

Heap-based buffer overflow in Ethereal 0.9.15 and earlier CVE-2003-0927 - December 01, 2003

Ethereal 0.9.15 and earlier, and Tethereal CVE-2003-0926 - December 01, 2003

Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier CVE-2003-0428 - July 24, 2003

The OSI dissector in Ethereal 0.9.12 and earlier CVE-2003-0429 - July 24, 2003

The SPNEGO dissector in Ethereal 0.9.12 and earlier CVE-2003-0430 - July 24, 2003

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size CVE-2003-0431 - July 24, 2003