CVE-2003-0356

Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.

Published: Jun 9, 2003
Updated: May 9, 2024
CVE: CVE-2003-0356
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-193

Affected Software
References

Software	From	Fixed in
ethereal / ethereal	-	0.9.12

http://www.debian.org/security/2003/dsa-313
http://www.ethereal.com/appnotes/enpa-sa-00009.html
http://www.kb.cert.org/vuls/id/641013
http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
http://www.redhat.com/support/errata/RHSA-2003-077.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69

Vulnerability Database

289,599

CVE-2003-0356