Heap-based Buffer Overflow in Tcpreplay by AppNeta
CVE-2022-37048

7.8HIGH

Key Information:

Vendor: Broadcom
Status: Tcpreplay
Vendor: CVE Published:; 18 August 2022

What is CVE-2022-37048?

A vulnerability has been identified in Tcpreplay version 4.4.1 wherein the tcprewrite component contains a heap-based buffer overflow within the get_l2len_protocol function located in common/get.c:344. This flaw could potentially allow an attacker to exploit memory corruption and may lead to unexpected behavior, increasing the risk of remote code execution. It is critical for users of this product to apply the recommended security updates and monitoring measures to safeguard their systems.

References

https://github.com/appneta/tcpreplay/issues/735

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2022
Vulnerability Reserved
Aug 1, 2022

Broadcom

What is CVE-2022-37048?

References

CVSS V3.1

Timeline