Description
The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.
Product(s):
- Ethereal Group Ethereal 0.10.1
- Ethereal Group Ethereal 0.10.2
- Ethereal Group Ethereal 0.10.3
- Ethereal Group Ethereal 0.10.4
- Ethereal Group Ethereal 0.10.5
- Ethereal Group Ethereal 0.10.6
- Ethereal Group Ethereal 0.10.7
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1141, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1141 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.