Ettercap
cpe:2.3:a:ettercap_project:ettercap:*:*:*:*:*:*:*
- 0.8.4-Garofalo
A heap-based buffer overflow vulnerability has been identified in Ettercap version 0.8.4-Garofalo, specifically within the etterfilter component. The issue arises in the 'add_data_segment' function of 'src/ettercap/utils/etterfilter/ef_output.c', where the program improperly handles data segmentation, leading to an out-of-bounds read. This vulnerability requires local access to exploit and has been publicly disclosed, with an available proof-of-concept exploit.
Exploitation of this vulnerability causes a heap-buffer-overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by building Ettercap with release optimization and AddressSanitizer (ASan) enabled. After compiling the program, the 'etterfilter' utility can be run with a crafted filter script that triggers the out-of-bounds read. The ASan report will indicate the heap-buffer-overflow error, confirming the vulnerability.
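The following triage helper for the ASan report described above is an added example, not code from the Ettercap project or from this advisory. It checks that a report is a heap-buffer-overflow whose faulting stack passes through `add_data_segment` in `ef_output.c`, and records whether the access was a READ or a WRITE. The sample report is constructed: the PID, addresses, sizes, line numbers and the `main`/`ef_main.c` frames are placeholders, and only the function name and the `ef_output.c` path come from the advisory.

```python
import re

# Constructed sample in the usual ASan layout. PID, addresses, sizes and line
# numbers are placeholders, not output from a real etterfilter run.
SAMPLE_REPORT = """\
==1234==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x000000401234 bp 0x7ffc00000010 sp 0x7ffc00000008
READ of size 8 at 0x602000000018 thread T0
    #0 0x401233 in add_data_segment src/ettercap/utils/etterfilter/ef_output.c:100
    #1 0x401500 in main src/ettercap/utils/etterfilter/ef_main.c:200

0x602000000018 is located 0 bytes to the right of 8-byte region [0x602000000010,0x602000000018)
allocated by thread T0 here:
    #0 0x7f0000001000 in malloc (/usr/lib/libasan.so+0x1000)
    #1 0x401100 in add_data_segment src/ettercap/utils/etterfilter/ef_output.c:90
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at", re.M)
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)", re.M)

def fault_stack(report):
    """Return (function, location) frames of the faulting access only.

    ASan prints allocation/free traces after the fault trace, each restarting
    at #0, so stop as soon as the frame numbering resets."""
    frames = []
    for num, func, where in FRAME_RE.findall(report):
        if int(num) != len(frames):
            break
        frames.append((func, where))
    return frames

def triage(report, func="add_data_segment", source="ef_output.c"):
    """Summarise an ASan report; None if it is not a memory-access error."""
    err = ERROR_RE.search(report)
    acc = ACCESS_RE.search(report)
    frames = fault_stack(report)
    if not (err and acc and frames):
        return None
    # Match anywhere in the fault stack: frame #0 can be a libc interceptor.
    in_func = any(f == func and source in w for f, w in frames)
    return {
        "error": err.group(1),
        "access": acc.group(1),   # READ vs WRITE matters for impact rating
        "size": int(acc.group(2)),
        "depth": len(frames),
        "matches_advisory": err.group(1) == "heap-buffer-overflow" and in_func,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Run the same check against a patched build's output to confirm the report no longer appears for the same input.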