CVE-2014-6395

Description

Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password.

How to fix CVE-2014-6395

To remediate CVE-2014-6395, upgrade the affected package to a fixed version below.

• Debian/ettercap—upgrade to 1:0.8.1-3 or later

Is CVE-2014-6395 being exploited?

Moderate — EPSS is 26.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1:0.8.1-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-6395