Heap Buffer Overflow in tcpreplay tcpprep Affects AppNeta
CVE-2020-24266

7.5HIGH

Key Information:

Vendor
Broadcom
Status
Tcpreplay
Vendor
CVE Published:
19 October 2020

Summary

A heap buffer overflow vulnerability was identified in the get_l2len() function of tcpreplay’s tcpprep tool, version 4.3.3. This flaw can cause the application to crash, resulting in a denial of service. Exploiting this vulnerability may lead to unintended application behavior and interruptions in service, raising significant concern for users relying on tcpreplay for network packet replay functionalities. It is crucial for affected parties to follow the security advisories from AppNeta and apply recommended updates to mitigate potential risks.

References

https://github.com/appneta/tcpreplay/issues/617
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.