Detections
Analytics

CVE-2005-0739

critical

Description

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9687

http://www.securityfocus.com/bid/12762

http://www.redhat.com/support/errata/RHSA-2005-306.html

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html

http://www.mandriva.com/security/advisories?name=MDKSA-2005:053

http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml

http://www.ethereal.com/appnotes/enpa-sa-00018.html

http://www.debian.org/security/2005/dsa-718

http://security.lss.hr/index.php?page=details&ID=LSS-2005-03-05

http://marc.info/?l=bugtraq&m=111066805726551&w=2

http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical