10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.125 Low
EPSS
Percentile
95.4%
Ethereal is a feature-rich network protocol analyzer.
There are numerous vulnerabilities in versions of Ethereal prior to 0.10.13, including:
Furthermore an infinite loop was discovered in the IRC protocol dissector of the 0.10.13 release (CVE-2005-3313).
An attacker might be able to use these vulnerabilities to crash Ethereal or execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.
There is no known workaround at this time.
All Ethereal users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.13-r1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-analyzer/ethereal | < 0.10.13-r1 | UNKNOWN |