Heap-based buffer overflow in Tcpreplay v4.4.1 affecting multiple Linux distributions
CVE-2022-37047

7.8HIGH

Key Information:

Vendor: Broadcom
Status: Tcpreplay
Vendor: CVE Published:; 18 August 2022

What is CVE-2022-37047?

A heap-based buffer overflow vulnerability has been identified in the tcprewrite component of Tcpreplay version 4.4.1. This flaw, located in the get_ipv6_next function at common/get.c:713, poses a risk to users and could potentially allow malicious actors to execute arbitrary code. It's crucial for system administrators and cybersecurity professionals to address this vulnerability to protect network devices and applications relying on Tcpreplay.

References

https://github.com/appneta/tcpreplay/issues/734

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2022
Vulnerability Reserved
Aug 1, 2022

Broadcom

What is CVE-2022-37047?

References

CVSS V3.1

Timeline