Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13

Several vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors.

These issues include:
- Buffer-overflow vulnerabilities
- Null-pointer dereference denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Memory exhaustion denial-of-service vulnerabilities
- Division by zero denial-of-service vulnerabilities
- Invalid pointer free() attempt denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities

These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.

Various vulnerabilities affect different versions of Ethereal, from 0.7.7 through to 0.10.12.


 

Privacy Statement
Copyright 2010, SecurityFocus