Heap-based buffer overflow in Tcpreplay v4.4.1 affecting multiple Linux distributions
CVE-2022-37047

7.8HIGH

Key Information:

Vendor

Broadcom
Status
Tcpreplay
Vendor
CVE Published:
18 August 2022

What is CVE-2022-37047?

A heap-based buffer overflow vulnerability has been identified in the tcprewrite component of Tcpreplay version 4.4.1. This flaw, located in the get_ipv6_next function at common/get.c:713, poses a risk to users and could potentially allow malicious actors to execute arbitrary code. It's crucial for system administrators and cybersecurity professionals to address this vulnerability to protect network devices and applications relying on Tcpreplay.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/appneta/tcpreplay/issues/734
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.