Heap-based Buffer Over-read in Tcpreplay Affects Multiple Versions
CVE-2022-27942

7.8HIGH

Key Information:

Vendor
Broadcom
Status
Tcpreplay
Vendor
CVE Published:
26 March 2022

Summary

The Tcpreplay tool, specifically version 4.4.1, is susceptible to a heap-based buffer over-read identified in the parse_mpls function located in common/get.c. This vulnerability occurs when the application processes specific inputs, potentially leading to information disclosure or unexpected behavior. Users should ensure their installation of Tcpreplay is updated to the latest version to mitigate any risks associated with this flaw.

References

https://github.com/appneta/tcpreplay/issues/719
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.