Heap-based buffer overflow in Tcpreplay affects multiple versions
CVE-2022-37049

7.8 HIGH

Key Information:

Vendor: Broadcom
Status: Vendor
CVE Published: 18 August 2022

Summary

A heap-based buffer overflow has been identified in the tcpprep component of the Tcpreplay tool. The flaw is in the parse_mpls function at common/get.c:150 and could allow an attacker to manipulate memory and potentially execute arbitrary code. The risk arises when tcpprep processes maliciously crafted MPLS data packets. Users of Tcpreplay, especially version 4.4.1, should watch for updates and patches that mitigate the issue.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
