From ${URL} : Etterfilter utility of Ettercap have an out-of-bounds read denial-of-service vulnerability when parsing a crafted file. This occurs in the compile_tree function of the ef_compiler.c source file when processing corrupted filters. References: http://seclists.org/bugtraq/2017/Mar/24 Upstream bug: https://github.com/Ettercap/ettercap/issues/782 Upstream patch: https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
However the bug is visible via etterfilter but resides in the library.
CVE-2017-6430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6430): The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.
(In reply to Agostino Sarubbo from comment #1) > However the bug is visible via etterfilter but resides in the library. Please do not consider the above. It was a mistake. The bug is in the etterfilter utility.
Looks like there was a 0.8.2-4 release including the fix from the 'fix-library' @ https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506
0.8.2-r1 in the tree, please feel free to clean up when done
@arches, please stabilize.
amd64 stable
ppc stable
ppc64 stable
sparc stable
x86 stable
arm stable
GLSA Vote: No Please continue Stabilization
alpha stable
@maintainer(s), please drop vulnerable.
tree is clean
