Vulnerabilities (CVE)

Filtered by vendor Ettercap-project Subscribe

Filtered by product Ettercap

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2010-3843	1 Ettercap-project	1 Ettercap	2021-07-08	4.6 MEDIUM	7.8 HIGH
The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.
CVE-2010-3844	2 Debian, Ettercap-project	2 Debian Linux, Ettercap	2019-11-18	6.8 MEDIUM	8.8 HIGH
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.