Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0333Infinite Loop in Group Ethereal

5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
6.9%
top 8.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Ethereal Group EtherealLBL Tcpdump
Timeline
PublishedMay 31
Latest updateApr 30

Description

tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDlbl/tcpdump3.4, 3.5a+1
NVDethereal_group/ethereal0.8.4, 0.8.5, 0.8.6+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-fpxw-v79p-g5g4: tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset ref2022-04-30
CVEList
CVE-2000-0333: tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset ref2000-05-18

💥Exploits & PoCs

2
Exploit-DB
Ethereal 0.8.4/0.8.5/0.8.6 / tcpdump 3.4/3.5 alpha - DNS Decode (2)1999-05-31
Exploit-DB
Ethereal 0.8.4/0.8.5/0.8.6 / tcpdump 3.4/3.5 alpha - DNS Decode (1)1999-05-31
CVE-2000-0333 — Infinite Loop in Group Ethereal | cvebase