Heap-buffer Overflow in Tcpreplay v4.3.2
CVE-2020-23273

5.5MEDIUM

Key Information:

Vendor: Broadcom
Status: Tcpreplay
Vendor: CVE Published:; 22 September 2021

What is CVE-2020-23273?

A heap-buffer overflow vulnerability exists in the randomize_iparp function of the Tcpreplay software (v4.3.2), which can be exploited by attackers to execute a denial of service attack by sending specially crafted pcap files. This flaw can lead to unexpected behavior, crashing of the application, and potential security risks, necessitating immediate attention from users and administrators.

References

https://github.com/appneta/tcpreplay/issues/579

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 22, 2021
Vulnerability Reserved
Aug 13, 2020

Broadcom

What is CVE-2020-23273?

References

CVSS V3.1

Timeline