CVE-2017-8366
https://notcve.org/view.php?id=CVE-2017-8366
The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. La función strescape en ec_strings.c en Ettercap 0.8.2 permite a atacantes remotos causar una denegación de servicio (desbordamiento de búfer de memoria dinámica -heap- y fallo de aplicación) o posiblemente tener otro impacto no especificado a través de un filtro especialmente diseñado que es incorrectamente manejado por etterfilter. • http://www.debian.org/security/2017/dsa-3874 https://blogs.gentoo.org/ago/2017/04/29/ettercap-etterfilter-heap-based-buffer-overflow-write • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-6430
https://notcve.org/view.php?id=CVE-2017-6430
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter. La función compile_tree en ef_compiler.c en la utilidad Etterfilter de Ettercap 0.8.2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un filtro manipulado. • http://www.debian.org/security/2017/dsa-3874 http://www.securityfocus.com/archive/1/540223/100/0/threaded http://www.securityfocus.com/bid/96582 http://www.securitytracker.com/id/1038057 https://github.com/Ettercap/ettercap/issues/782 https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506 • CWE-125: Out-of-bounds Read •