Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0633

6 documents6 sources
Severity
5.0MEDIUM
EPSS
36.5%
top 2.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Ethereal Group EtherealMandrakesoft Mandrake LinuxRedhat Enterprise Linux+1 more
Timeline
PublishedDec 6
Latest updateApr 29

Description

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDethereal_group/ethereal0.10.3, 0.10.4+1

Also affects: Enterprise Linux 2.1, 3.0

Patches

Patch: www.gentoo.orgPatch: www.mandrakesecure.netPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-f7fx-ph3w-4868: The iSNS dissector for Ethereal 02022-04-29
CVEList
CVE-2004-0633: The iSNS dissector for Ethereal 02004-07-08

💥Exploits & PoCs

1
Exploit-DB
Ethereal 0.x - Multiple iSNS / SMB / SNMP Protocol Dissector Vulnerabilities2004-08-05

📋Vendor Advisories

1
Red Hat
security flaw2004-07-06

💬Community

1
Bugzilla
CVE-2004-0633 security flaw2018-08-16
CVE-2004-0633 (MEDIUM CVSS 5) | The iSNS dissector for Ethereal 0.1 | cvebase.io