Remote Denial of Service Vulnerability in TCPprep by AppNeta
CVE-2023-27789

7.5 HIGH

Key Information:

Vendor: Broadcom
Status: Vendor
CVE Published: 16 March 2023

Summary

A vulnerability has been identified in TCPprep v.4.4.3 that can be exploited by a remote attacker to trigger a denial of service condition. This occurs through the 'cidr2cidr' function implemented in the cidr.c file at line 178. Successful exploitation may lead to interruptions in network service, affecting the overall performance and availability of affected systems. It is essential for users of TCPprep to review their current version and apply necessary patches to mitigate this risk.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
