CVE-2026-9365— Ettercap GG Dissector ec_gg.c FUNC_DECODER heap-based overflow
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9365
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ettercap GG Dissector ec_gg.c FUNC_DECODER heap-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.4 is sufficient to fix this issue. The identifier of the patch is feeae6fa366e01a3dd9f1857ec6aae847b2ae00c. It is suggested to upgrade the affected component.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Ettercap | 0.8.0 | cpe:2.3:a:ettercap:ettercap:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-9365
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9365
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-9365 (2)
Proof of Concept for CVE-2026-9365 (1)
Vendor Pages for CVE-2026-9365 (1)
Same Patch Batch · n/a · 2026-05-24 · 5 CVEs total
| CVE-2026-9376 | 6.3 MEDIUM | JPress UCenter Article Submission Endpoint doWriteSave improper authorization |
| CVE-2026-9358 | 4.3 MEDIUM | postcss AST Serialization container.js toString recursion |
| CVE-2026-9373 | 3.7 LOW | JeecgBoot OpenAPI Endpoint call improper authentication |
| CVE-2026-9357 | 3.5 LOW | vBulletin Login cross site scripting |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-9604
JeecgBoot AiragModelController access control - CVE-2026-9581
JeecgBoot add access control - CVE-2026-9580
JeecgBoot selectDepart LoginController.selectDepart access c - CVE-2026-9579
JeecgBoot SysUser userEdit user.getUsername access control - CVE-2026-9572
GPAC MP4Box media.c Media_GetSample memory leak
Same weakness: CWE-122
- CVE-2026-9605
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based ov - CVE-2026-44983
smallbitvec: Safe API Triggered Heap Buffer Overflow via Int - CVE-2026-8834
IBM HTTP Server is affected by multiple vulnerabilities - CVE-2026-40033
FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rec - CVE-2026-48135
HTTP service can incorrectly process malformed HTTP requests
V. Comments for CVE-2026-9365
No comments yet