CVE-2013-0722
published 2013-01-11CVE-2013-0722: Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a…
PriorityP424medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EXPLOIT
EPSS
0.84%
53.2th percentile
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ettercap | < ettercap 1:0.7.5.1-2 (bookworm) | ettercap 1:0.7.5.1-2 (bookworm) |
| ettercap-project | ettercap | <= 0.7.5.1 | — |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | — | — |
| ettercap-project | ettercap | >= 0 < 1:0.7.5.1-2 | 1:0.7.5.1-2 |
| ettercap-project | ettercap | >= 0 < 1:0.7.5.1-2 | 1:0.7.5.1-2 |
| ettercap-project | ettercap | >= 0 < 1:0.7.5.1-2 | 1:0.7.5.1-2 |
| ettercap-project | ettercap | >= 0 < 1:0.7.5.1-2 | 1:0.7.5.1-2 |
CVSS provenance
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv4.4MEDIUM
vendor_debian4.4LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4g48-xcj2-xjr4: Stack-based buffer overflow in the scan_load_hosts function in ec_scan
ghsa_unreviewed·2022-05-13
CVE-2013-0722 [MEDIUM] CWE-119 GHSA-4g48-xcj2-xjr4: Stack-based buffer overflow in the scan_load_hosts function in ec_scan
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
OSV
CVE-2013-0722: Stack-based buffer overflow in the scan_load_hosts function in ec_scan
osv·2013-01-11·CVSS 4.4
CVE-2013-0722 [MEDIUM] CVE-2013-0722: Stack-based buffer overflow in the scan_load_hosts function in ec_scan
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
Debian
CVE-2013-0722: ettercap - Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ette...
vendor_debian·2013·CVSS 4.4
CVE-2013-0722 [MEDIUM] CVE-2013-0722: ettercap - Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ette...
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
Scope: local
bookworm: resolved (fixed in 1:0.7.5.1-2)
bullseye: resolved (fixed in 1:0.7.5.1-2)
forky: resolved (fixed in 1:0.7.5.1-2)
sid: resolved (fixed in 1:0.7.5.1-2)
trixie: resolved (fixed in 1:0.7.5.1-2)
No detection rules found.
Bugzilla
CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list [fedora-all]
bugzilla·2013-01-10·CVSS 4.4
CVE-2013-0722 [MEDIUM] CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list [fedora-all]
CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: thi
Bugzilla
CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list
bugzilla·2013-01-10·CVSS 4.4
CVE-2013-0722 [MEDIUM] CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list
CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list
A stack-based buffer overflow was reported [1],[2] in Ettercap When is it going to be released?
https://github.com/Ettercap/ettercap/archive/v0.7.5.2.tar.gz
---
Ah, I see. It's not on the website. :)
---
Please don't update to 0.7.5.2 unless you patch include/ec_version.h file!
Is still in the old version, I think we will release 0.7.5.3 soon
---
Ok, my build failed for some reason anyway, please let me know as soon as 0.7.5.3 is out.
---
(In reply to comment #9)
> Ok, my build failed for some reason anyway, please let me know as soon as
> 0.7.5.3 is out.
It doesn't fail here(on gentoo), what's your problem?
---
I was fine locally and in mock, but failed in koji in rawhide. Investigating. Might have b
Bugzilla
CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list [epel-all]
bugzilla·2013-01-10·CVSS 4.4
CVE-2013-0722 [MEDIUM] CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list [epel-all]
CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note:
http://secunia.com/advisories/51731http://www.exploit-db.com/exploits/23945/http://www.securation.com/files/2013/01/ec.patchhttp://www.securityfocus.com/bid/57175https://bugs.gentoo.org/show_bug.cgi?id=451198https://bugzilla.redhat.com/show_bug.cgi?id=894092http://secunia.com/advisories/51731http://www.exploit-db.com/exploits/23945/http://www.securation.com/files/2013/01/ec.patchhttp://www.securityfocus.com/bid/57175https://bugs.gentoo.org/show_bug.cgi?id=451198https://bugzilla.redhat.com/show_bug.cgi?id=894092
2013-01-11
Published