Vulnerability Note VU#361700
Ethereal contains integer overflow in PPP dissector
Ethereal is a network traffic analysis package. The PPP packet dissector contains a vulnerability that may result in the execution of arbitrary code.
The PPP packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory, tvb_get_nstringz() and tvb_get_nstringz0() were used in an unsafe manner.
Versions 0.9.11 and earlier of Ethereal are affected.
It may be possible for a remote attacker to crash the program or run arbitrary code on the system via a crafted packet.
Upgrade to version 0.9.12, which resolves this issue.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Ethereal | Affected | - | 12 May 2003 |
Thanks to Timo Sirainen for reporting this vulnerability.
This document was written by Jason A Rafail and is based upon information in the Ethereal Advisory.
- CVE IDs: Unknown
- Date Public: 01 May 2003
- Date First Published: 12 May 2003
- Date Last Updated: 12 May 2003
- Severity Metric: 6.95
- Document Revision: 4