CVE-2014-6395

Ettercap <0.8.1 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password.

Exploits (1)

exploitdb WORKING POC

by Nick Sampanis · rubydoslinux

https://www.exploit-db.com/exploits/35580

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/534248/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/71689

[Various Sources] https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/

[Patch] https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a

[Third Party Advisory] https://security.gentoo.org/glsa/201505-01

Scores

EPSS 0.2658

EPSS Percentile 96.3%

Details

CWE

CWE-119

Status published

Products (1)

ettercap-project/ettercap < 0.8.0

Published Dec 19, 2014

Tracked Since Feb 18, 2026