CVE-2003-0927
published 2003-12-01
CVE-2003-0927: Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via…
Priority P433 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
5.23%
91.5th percentile
Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereal_group | ethereal | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 · HIGH
Red Hat
security flaw
vendor_redhat·2003-11-03·CVSS 7.5
CVE-2003-0927 [HIGH] security flaw
Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
GHSA
GHSA-g8cm-56x9-whp3: Heap-based buffer overflow in Ethereal 0
ghsa_unreviewed·2022-04-29
CVE-2003-0927 [HIGH] GHSA-g8cm-56x9-whp3: Heap-based buffer overflow in Ethereal 0
Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
No detection rules found.
Bugzilla
CVE-2003-0927 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2003-0927 [HIGH] CVE-2003-0927 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
Bugzilla
CAN-2003-0925/6/7 Ethereal 0.9.13 has three exploitable security issues
bugzilla·2003-11-05
[MEDIUM] CAN-2003-0925/6/7 Ethereal 0.9.13 has three exploitable security issues
Three new issues in Ethereal prior to 0.9.16 according to
http://www.ethereal.com/appnotes/enpa-sa-00011.html on Nov03
CVE applied for.
An improperly formatted GTP MSISDN string could cause a buffer
overflow in versions of Ethereal prior to 0.9.16.
A malformed ISAKMP or MEGACO packet could make Ethereal prior to version
0.9.16 crash.
The SOCKS dissector in Ethereal prior to version 0.9.16 is susceptible
to a heap overflow.
This affects: 2.1AS 2.1AW 2.1ES 2.1WS 3AS 3WS 3ES
Errata RHSA-2003:324 in progress
Discussion:
CAN-2003-0925, CAN-2003-0926, CAN-2003-0927 respectively
---
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a reso
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780
http://secunia.com/advisories/10531
http://www.debian.org/security/2003/dsa-407
http://www.ethereal.com/appnotes/enpa-sa-00011.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:114
http://www.redhat.com/support/errata/RHSA-2003-323.html
http://www.redhat.com/support/errata/RHSA-2003-324.html
http://www.securityfocus.com/bid/8951
http://www.turbolinux.com/security/TLSA-2003-64.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/13578
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9691
2003-12-01
Published