NIXPKGS-2026-0564

GitHub issue published on 8 Mar 2026

Permalink CVE-2026-3606

updated 1 week ago by @mweinelt Activity log

Created automatic suggestion 1 week, 2 days ago
@mweinelt accepted 1 week ago
@mweinelt published on GitHub 1 week ago

Ettercap etterfilter ef_output.c add_data_segment out-of-bounds

A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-349218 | Ettercap etterfilter ef_output.c add_data_segment out-of-bounds vdb-entry technical-description
VDB-349218 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #764648 | Ettercap ettercap Ettercap v0.8.4-Garofalo and master-branch Heap-based Buffer Overflow third-party-advisory
https://github.com/Ettercap/ettercap/issues/1297 issue-tracking
https://github.com/oneafter/0202/blob/main/et/repro exploit
https://github.com/Ettercap/ettercap/ product

Affected products

Ettercap

==0.8.4-Garofalo

Matching in nixpkgs

pkgs.ettercap

Comprehensive suite for man in the middle attacks

nixos-unstable 0.8.4-unstable-2025-07-16
- nixpkgs-unstable 0.8.4-unstable-2025-07-16
- nixos-unstable-small 0.8.4-unstable-2025-07-16
nixos-25.11 0.8.4-unstable-2025-07-16
- nixos-25.11-small 0.8.4-unstable-2025-07-16
- nixpkgs-25.11-darwin 0.8.4-unstable-2025-07-16

pkgs.bettercap

Man in the middle tool

nixos-unstable 2.41.5
- nixpkgs-unstable 2.41.5
- nixos-unstable-small 2.41.5
nixos-25.11 2.41.4
- nixos-25.11-small 2.41.4
- nixpkgs-25.11-darwin 2.41.4

Package maintainers

@y0no Yoann Ono <y0no@y0no.fr>
@pSub Pascal Wittmann <mail@pascal-wittmann.de>

Upstream issue: https://github.com/Ettercap/ettercap/issues/1297