| Vulnerability Name: | CVE-2000-0333 (CCN-4859) | ||||||||
| Assigned: | 1999-05-31 | ||||||||
| Published: | 1999-05-31 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue May 02 2000 - 18:46:33 CDT Denial of service attack against tcpdump Source: MITRE Type: CNA CVE-2000-0333 Source: CCN Type: CIAC Information Bulletin L-015 Tcpdump Remote Buffer Overflows Source: CCN Type: Ethereal Web site Ethereal home page Source: CCN Type: US-CERT VU#23495 DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries Source: CCN Type: OSVDB ID: 4488 Multiple Sniffer Malformed DNS Packet Parsing Remote DoS Source: CCN Type: BugTraq Mailing List, Sun, 30 May 1999 17:16:22 +0200 (CEST) weaknesses in dns label decoding, denial of service attack (code included) Source: BID Type: Exploit, Patch, Vendor Advisory 1165 Source: CCN Type: BID-1165 Multiple Sniffer Vendor DNS Decode Vulnerability Source: BUGTRAQ Type: Exploit, Vendor Advisory 20000502 Denial of service attack against tcpdump Source: CCN Type: Tcpdump/Libpcap Web site Home page Source: XF Type: UNKNOWN sniffer-dns-decode-dos(4859) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||