Description
A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.4 is sufficient to fix this issue. The identifier of the patch is feeae6fa366e01a3dd9f1857ec6aae847b2ae00c. It is suggested to upgrade the affected component.
Published: 2026-05-24
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Ettercap, up to version 0.8.3, contains a heap-based buffer overflow in the FUNC_DECODER function of the GG dissector module (ec_gg.c). Malicious manipulation of the gg argument can cause a heap overflow, potentially allowing an attacker to execute arbitrary code on systems running the vulnerable dissector. The flaw is a classic out-of-bounds write (CWE-119/CWE-122) and is considered exploitable only with remote network traffic that engages the dissector, making the attack vector remote but requiring the attacker to craft specific probe packets.

Affected Systems

All installations of Ettercap 0.8.3 and earlier are affected, regardless of operating system. The upstream repository maintains version 0.8.4 as the patched release and suggests applying that update to eliminate the vulnerability.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate to high impact severity. The EPSS score is currently unavailable, but the vulnerability has been publicly disclosed and is considered difficult to exploit, implying a low to moderate exploitation probability. The flaw is not listed in the CISA KEV catalog, and no widespread exploitation is reported yet. An attacker must remotely access the target through network traffic that triggers the GG dissector and craft malformed packets to exploit the heap overflow. The complexity of such an attack is high, and the exploitability is described as difficult, but the potential outcome of arbitrary code execution or denial of service warrants early remediation.

Generated by OpenCVE AI on May 24, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Ettercap to version 0.8.4 or later from the official release channel or repository.
  • Replace any existing Ettercap binaries or libraries with the updated version, ensuring all related components are updated if packaged separately.
  • In environments where an immediate upgrade is not feasible, disable or remove the GG dissector by editing the dissector configuration or patching the source to exclude the vulnerable function before recompilation.

Generated by OpenCVE AI on May 24, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 24 May 2026 08:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.4 is sufficient to fix this issue. The identifier of the patch is feeae6fa366e01a3dd9f1857ec6aae847b2ae00c. It is suggested to upgrade the affected component.
Title Ettercap GG Dissector ec_gg.c FUNC_DECODER heap-based overflow
First Time appeared Ettercap
Ettercap ettercap
Weaknesses CWE-119
CWE-122
CPEs cpe:2.3:a:ettercap:ettercap:*:*:*:*:*:*:*:*
Vendors & Products Ettercap
Ettercap ettercap
References
Metrics cvssV2_0

{'score': 5.1, 'vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 5.6, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Ettercap Ettercap
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T07:45:11.192Z

Reserved: 2026-05-23T10:28:40.541Z

Link: CVE-2026-9365

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-24T09:30:05Z

Weaknesses