CVE-2000-0333

Ethereal - Denial of Service via Malformed DNS Packet

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0333. PoCs published by scut, Hugo Breton.

AI-analyzed exploit summary The vulnerability in tcpdump and other sniffers (e.g., Ethereal) involves a DNS name compression flaw that triggers an infinite loop during packet decompression, leading to a DoS condition. This affects real-time packet analysis but not file-based logging.

Description

tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.

Exploits (2)

exploitdb WRITEUP VERIFIED

by scut · textremotelinux

https://www.exploit-db.com/exploits/19892

View Code ZIP pw:eip

The vulnerability in tcpdump and other sniffers (e.g., Ethereal) involves a DNS name compression flaw that triggers an infinite loop during packet decompression, leading to a DoS condition. This affects real-time packet analysis but not file-based logging.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: tcpdump (LBL), Ethereal (Gerald Combs)

No auth needed

Prerequisites: Ability to send crafted DNS packets to a target running vulnerable sniffer software

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Hugo Breton · cremotelinux

https://www.exploit-db.com/exploits/19891

View Code ZIP pw:eip

This exploit demonstrates a DoS vulnerability in tcpdump and other sniffers by crafting a malformed DNS packet that triggers an infinite loop during decompression. The PoC sends a UDP packet to a target DNS server, causing tcpdump to hang when processing it.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: tcpdump (versions prior to fix), Ethereal, and other DNS-decoding sniffers

No auth needed

Prerequisites: Network access to a vulnerable DNS server or sniffer · Ability to send UDP packets to port 53

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.10.10005021942380.2077-100000%40paranoia.pgci.ca

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1165

Scores

EPSS 0.0758

EPSS Percentile 93.7%

Details

Status published

Products (5)

ethereal_group/ethereal 0.8.4

ethereal_group/ethereal 0.8.5

ethereal_group/ethereal 0.8.6

lbl/tcpdump 3.4

lbl/tcpdump 3.5a

Published May 31, 1999

Tracked Since Feb 18, 2026