CVE-2003-0925
published 2003-12-01CVE-2003-0925: Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP…
PriorityP430high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
5.66%
92.0th percentile
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2003-11-03·CVSS 7.5
CVE-2003-0925 [HIGH] security flaw
security flaw
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
GHSA
GHSA-f86f-3g5x-82q5: Buffer overflow in Ethereal 0
ghsa_unreviewed·2022-04-29
CVE-2003-0925 [HIGH] GHSA-f86f-3g5x-82q5: Buffer overflow in Ethereal 0
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2003-0925 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2003-0925 [HIGH] CVE-2003-0925 security flaw
CVE-2003-0925 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
Bugzilla
CAN-2003-0925/6/7 Ethereal 0.9.13 has three exploitable security issues
bugzilla·2003-11-05
[MEDIUM] CAN-2003-0925/6/7 Ethereal 0.9.13 has three exploitable security issues
CAN-2003-0925/6/7 Ethereal 0.9.13 has three exploitable security issues
Three newissues in Ethereal prior to 0.9.16 according to
http://www.ethereal.com/appnotes/enpa-sa-00011.html on Nov03
CVE applied for.
An improperly formatted GTP MSISDN string could cause a buffer
overflow in versions of Ethereal prior to 0.9.16.
A malformed ISAKMP or MEGACO packet could make Ethereal prior to version
0.9.16 crash.
The SOCKS dissector in Ethereal prior to version 0.9.16 is susceptible
to a heap overflow.
This affects: 2.1AS 2.1AW 2.1ES 2.1WS 3AS 3WS 3ES
Errata RHSA-2003:324 in progress
Discussion:
CAN-2003-0925, CAN-2003-0926, CAN-2003-0927 respectively
---
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a reso
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780http://secunia.com/advisories/10531http://www.debian.org/security/2003/dsa-407http://www.ethereal.com/appnotes/enpa-sa-00011.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:114http://www.redhat.com/support/errata/RHSA-2003-323.htmlhttp://www.redhat.com/support/errata/RHSA-2003-324.htmlhttp://www.securityfocus.com/bid/8951http://www.turbolinux.com/security/TLSA-2003-64.txthttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9692http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780http://secunia.com/advisories/10531http://www.debian.org/security/2003/dsa-407http://www.ethereal.com/appnotes/enpa-sa-00011.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:114http://www.redhat.com/support/errata/RHSA-2003-323.htmlhttp://www.redhat.com/support/errata/RHSA-2003-324.htmlhttp://www.securityfocus.com/bid/8951http://www.turbolinux.com/security/TLSA-2003-64.txthttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9692
2003-12-01
Published