CVE-2005-0739

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type Values Removed Values Added
References (MISC) http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707 - (MISC) http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707 - URL Repurposed
References (CONFIRM) http://www.ethereal.com/appnotes/enpa-sa-00018.html - Patch (CONFIRM) http://www.ethereal.com/appnotes/enpa-sa-00018.html - Patch, URL Repurposed

Information

Published : 2005-05-02 04:00

Updated : 2024-02-28 10:42


NVD link : CVE-2005-0739

Mitre link : CVE-2005-0739

CVE.ORG link : CVE-2005-0739


JSON object : View

Products Affected

ethereal_group

  • ethereal
CWE
CWE-189

Numeric Errors