Veracode Vulnerability DatabaseVERACODE:37327

HistorySep 29, 2022 - 5:37 a.m.

Denial Of Service (DoS)

2022-09-2905:37:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

tcpreplay vulnerability

denial of service

heap-based buffer overflow

get_ipv6_next function

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

tcpreplay is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the heap-based buffer overflow in the get_ipv6_next function of get.c, which allows an attacker to cause an application crash.

References

github.com/appneta/tcpreplay/issues/734

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/

lists.fedoraproject.org/archives/list/[email protected]/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/

lists.fedoraproject.org/archives/list/[email protected]/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD/

lists.fedoraproject.org/archives/list/[email protected]/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/

security-tracker.debian.org/tracker/CVE-2022-37047

security.gentoo.org/glsa/202210-08

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

Related for VERACODE:37327