The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
References
Configurations
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707 - URL Repurposed | |
References | (CONFIRM) http://www.ethereal.com/appnotes/enpa-sa-00018.html - Patch, URL Repurposed |
Information
Published : 2005-05-02 04:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-0739
Mitre link : CVE-2005-0739
CVE.ORG link : CVE-2005-0739
JSON object : View
Products Affected
ethereal_group
- ethereal
CWE
CWE-189
Numeric Errors