Vulnerability Details : CVE-2003-0356
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
Vulnerability category: Execute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2003-0356
Probability of exploitation activity in the next 30 days: 6.88%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2003-0356
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2003-0356
-
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-0356
-
http://www.kb.cert.org/vuls/id/641013
VU#641013 - Ethereal contains multiple one-byte buffer overflows in several dissectorsThird Party Advisory;US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69
404 Not FoundBroken Link
-
http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
Advisories - Mandriva LinuxThird Party Advisory
-
http://www.debian.org/security/2003/dsa-313
Debian -- The Universal Operating SystemBroken Link;Patch;Vendor Advisory
-
http://www.ethereal.com/appnotes/enpa-sa-00009.html
** Not Found **Broken Link;Patch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2003-077.html
SupportBroken Link
Products affected by CVE-2003-0356
- cpe:2.3:a:ethereal:ethereal:*:*:*:*:*:*:*:*