Ethereal GroupCVEs & Vulnerabilities

105 CVEs affecting Ethereal Group products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

ethereal 1,889
CVE-2005-1467MEDIUM

Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors.

5 May 2005
5.0
CVSS
CVE-2005-1468MEDIUM

Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference.

5 May 2005
5.0
CVSS
CVE-2005-1469MEDIUM

Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 allows remote attackers to cause the dissector to access an invalid pointer.

5 May 2005
5.0
CVSS
CVE-2005-1461HIGHpoc

Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

5 May 2005
7.5
CVSS
CVE-2005-1470MEDIUMpoc

Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.

5 May 2005
5.0
CVSS
CVE-2005-0006MEDIUM

The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).

2 May 2005
5.0
CVSS
CVE-2005-0007MEDIUM

Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion).

2 May 2005
5.0
CVSS
CVE-2005-0008MEDIUM

Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."

2 May 2005
5.0
CVSS
CVE-2005-0009MEDIUM

Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).

2 May 2005
5.0
CVSS
CVE-2005-0010MEDIUM

Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory.

2 May 2005
5.0
CVSS
CVE-2005-0084HIGH

Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet.

2 May 2005
7.5
CVSS
CVE-2005-0704HIGH

Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

2 May 2005
7.5
CVSS
CVE-2005-0705MEDIUM

The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash).

2 May 2005
5.0
CVSS
CVE-2005-0766MEDIUM

Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash).

2 May 2005
5.0
CVSS
CVE-2005-0739MEDIUMpoc

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.

2 May 2005
5.0
CVSS
CVE-2005-1281MEDIUM

Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.

26 Apr 2005
5.0
CVSS
CVE-2005-0765MEDIUM

Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).

12 Mar 2005
5.0
CVSS
CVE-2005-0699HIGH

Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.

8 Mar 2005
7.5
CVSS
CVE-2004-1140MEDIUM

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.

31 Dec 2004
5.0
CVSS
CVE-2004-1141MEDIUM

The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.

31 Dec 2004
5.0
CVSS
CVE-2004-1761MEDIUM

Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file.

31 Dec 2004
5.0
CVSS
CVE-2004-1139MEDIUM

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

15 Dec 2004
5.0
CVSS
CVE-2004-1142MEDIUM

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

15 Dec 2004
5.0
CVSS
CVE-2004-1145MEDIUM

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

15 Dec 2004
5.0
CVSS
CVE-2004-0634MEDIUM

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

6 Dec 2004
5.0
CVSS
CVE-2004-0635MEDIUM

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

6 Dec 2004
5.0
CVSS
CVE-2004-0633MEDIUMpoc

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

6 Dec 2004
5.0
CVSS
CVE-2004-0504MEDIUM

Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.

18 Aug 2004
5.0
CVSS
CVE-2004-0505MEDIUM

The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.

18 Aug 2004
5.0
CVSS
CVE-2004-0506MEDIUM

The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.

18 Aug 2004
5.0
CVSS
CVE-2004-0507CRITICAL

Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

18 Aug 2004
10.0
CVSS
CVE-2004-0367MEDIUM

Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector.

4 May 2004
5.0
CVSS
CVE-2004-0176MEDIUMpoc

Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.

4 May 2004
5.0
CVSS
CVE-2003-1012MEDIUM

The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.

5 Jan 2004
5.0
CVSS
CVE-2003-0925HIGH

Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.

1 Dec 2003
7.5
CVSS
CVE-2003-0926MEDIUM

Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets.

1 Dec 2003
5.0
CVSS
CVE-2003-0927HIGH

Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.

1 Dec 2003
7.5
CVSS
CVE-2003-0428MEDIUM

Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.

24 Jul 2003
5.0
CVSS
CVE-2003-0429HIGH

The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.

24 Jul 2003
7.5
CVSS
CVE-2003-0430MEDIUM

The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.

24 Jul 2003
5.0
CVSS
CVE-2003-0431CRITICAL

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.

24 Jul 2003
10.0
CVSS
CVE-2003-0432CRITICAL

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.

24 Jul 2003
10.0
CVSS
CVE-2003-0357HIGH

Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.

9 Jun 2003
7.5
CVSS
CVE-2003-0159HIGH

Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

2 Apr 2003
7.5
CVSS
CVE-2003-0081HIGH

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.

18 Mar 2003
7.5
CVSS
CVE-2002-1355MEDIUM

Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages.

23 Dec 2002
5.0
CVSS
CVE-2002-1356HIGH

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages.

23 Dec 2002
7.5
CVSS
CVE-2002-0834HIGH

Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.

24 Sep 2002
7.5
CVSS