CVE-2004-0176

Ethereal 0.8.13-0.10.2 - Multiple Buffer Overflow in NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP Dissectors

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-0176. PoCs published by Abhisek Datta, Rémi Denis-Courmont.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Ethereal's IGAP dissector (CVE-2004-0176). It uses a shellcode splitting technique to bypass memory constraints and achieves remote code execution by binding a shell to port 31337.

Description

Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Abhisek Datta · cremotelinux
https://www.exploit-db.com/exploits/167

This exploit targets a buffer overflow vulnerability in Ethereal's IGAP dissector (CVE-2004-0176). It uses a shellcode splitting technique to bypass memory constraints and achieves remote code execution by binding a shell to port 31337.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ethereal 0.10.0 to 0.10.2
No auth needed
Prerequisites: Network access to target running vulnerable Ethereal version · Ability to send crafted IGAP packets
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Rémi Denis-Courmont · cdosmultiple
https://www.exploit-db.com/exploits/170

This PoC exploits a buffer overflow in Ethereal's EIGRP dissector by sending a malformed packet with an overly long IP address field, causing a denial of service. The code constructs a raw socket packet with an invalid TLV length to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Ethereal v0.10.2
No auth needed
Prerequisites: Network access to target running Ethereal · Ability to send raw packets
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (26)

Core 26
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/659140
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200403-07.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-137.html
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-511
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-136.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10187
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11185
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108058005324316&w=2
Various Sources x_refsource_misc
http://security.e-matters.de/advisories/032004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/6893
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108007072215742&w=2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/864884
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A887
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/119876
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/433596
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/591820
URL Repurposed x_refsource_confirm
http://www.ethereal.com/appnotes/enpa-sa-00013.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/644886
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15569
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/740188
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/125156
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108213710306260&w=2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/931588
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A878
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:024

Scores

EPSS 0.7105
EPSS Percentile 98.7%

Details

Status published
Products (24)
ethereal_group/ethereal 0.8.13
ethereal_group/ethereal 0.8.14
ethereal_group/ethereal 0.8.18
ethereal_group/ethereal 0.8.19
ethereal_group/ethereal 0.9
ethereal_group/ethereal 0.9.1
ethereal_group/ethereal 0.9.2
ethereal_group/ethereal 0.9.3
ethereal_group/ethereal 0.9.4
ethereal_group/ethereal 0.9.5
... and 14 more
Published May 04, 2004
Tracked Since Feb 18, 2026