Heap-Based Buffer Overflow in Tcpreplay by Appneta
CVE-2022-27418
7.8 HIGH
What is CVE-2022-27418?
Tcpreplay, a tool for editing and replaying network traffic, has a heap-based buffer overflow in version 4.4.1, in the function do_checksum_math located in /tcpedit/checksum.c. This flaw could potentially allow an attacker to manipulate memory, leading to unexpected behavior or execution of arbitrary code. Users of this version should update to mitigate the security risks associated with this vulnerability. More details can be found in the referenced vendor advisory.
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved