CVE-2002-1355 — Infinite Loop in Group Ethereal

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ethereal Group Ethereal

Timeline

PublishedDec 23

Latest updateApr 30

Description

Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDethereal_group/ethereal0.9.7

Patches

Patch: www.ethereal.com ↗Patch: www.redhat.com ↗Patch: www.ethereal.com ↗

🔴Vulnerability Details

GHSA

GHSA-hv9p-63h4-xcc9: Multiple integer signedness errors in the BGP dissector in Ethereal 0↗2022-04-30

▶

CVEList

CVE-2002-1355: Multiple integer signedness errors in the BGP dissector in Ethereal 0↗2002-12-17

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-12-07

▶

💬Community

Bugzilla

CVE-2002-1355 security flaw↗2018-08-16

▶