PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9365 Ettercap CVE debrief

A heap-based buffer overflow vulnerability exists in Ettercap versions up to and including 0.8.3, specifically within the GG (Gadu-Gadu) protocol dissector. The flaw resides in the FUNC_DECODER function in src/dissectors/ec_gg.c, where improper handling of the 'gg' argument can lead to memory corruption. While the attack vector is network-accessible, the high attack complexity and difficult exploitability reduce immediate risk. A public exploit has been disclosed, though practical exploitation requires substantial effort. The vulnerability was addressed in version 0.8.4 via commit feeae6fa366e01a3dd9f1857ec6aae847b2ae00c. Organizations using Ettercap for network analysis should prioritize upgrading to the patched version, particularly if GG protocol dissection is enabled in production environments.

Vendor
Ettercap
Product
Ettercap
CVSS
LOW 2.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-24
Original CVE updated
2026-05-26
Advisory published
2026-05-24
Advisory updated
2026-05-26

Who should care

Network security teams using Ettercap for traffic analysis, security researchers, and system administrators maintaining network monitoring infrastructure

Technical summary

The vulnerability is a heap-based buffer overflow (CWE-122) in the Gadu-Gadu (GG) protocol dissector component of Ettercap, a network security tool. The affected function FUNC_DECODER in src/dissectors/ec_gg.c fails to properly validate the 'gg' argument, allowing remote attackers to trigger memory corruption. The CVSS 4.0 score of 2.9 (LOW) reflects the high attack complexity and difficult exploitability, despite the network-accessible attack vector and public exploit availability. The fix was implemented in commit feeae6fa366e01a3dd9f1857ec6aae847b2ae00c and released in Ettercap 0.8.4.

Defensive priority

low

Recommended defensive actions

  • Upgrade Ettercap to version 0.8.4 or later to remediate the heap-based buffer overflow in the GG dissector
  • If immediate patching is not feasible, consider disabling GG protocol dissection in Ettercap configuration as a temporary risk reduction measure
  • Monitor network traffic for unusual patterns targeting GG protocol handlers if Ettercap is deployed in production environments
  • Review Ettercap deployment scope and restrict to authorized administrative use only, given the network-accessible attack vector

Evidence notes

Vulnerability details sourced from NVD and Vuldb records. Patch commit feeae6fa366e01a3dd9f1857ec6aae847b2ae00c verified via GitHub. CVSS 4.0 vector indicates network attack vector with high attack complexity. CWE-119 and CWE-122 classifications confirmed in source metadata.

Official resources

public