Heap-based buffer overflow in Tcpreplay v4.4.1 affecting multiple Linux distributions
CVE-2022-37047

7.8HIGH

Key Information:

Vendor
Broadcom
Status
Tcpreplay
Vendor
CVE Published:
18 August 2022

Summary

A heap-based buffer overflow vulnerability has been identified in the tcprewrite component of Tcpreplay version 4.4.1. This flaw, located in the get_ipv6_next function at common/get.c:713, poses a risk to users and could potentially allow malicious actors to execute arbitrary code. It's crucial for system administrators and cybersecurity professionals to address this vulnerability to protect network devices and applications relying on Tcpreplay.

References

https://github.com/appneta/tcpreplay/issues/734
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.