CVE-2024-3024 – appneta tcpreplay get.c get_layer4_v6 heap-based overflow
https://notcve.org/view.php?id=CVE-2024-3024
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. • https://docs.google.com/document/d/1wCIrViAJwGsO5afPBLLjRhO5RClsoUo3J9q1psLs84s/edit?usp=sharing https://drive.google.com/file/d/1zV9MSkfYLIrdtK3yczy1qbsJr_yN2fwH/view https://vuldb.com/?ctiid.258333 https://vuldb.com/?id.258333 https://vuldb.com/?submit.297866 • CWE-122: Heap-based Buffer Overflow •
CVE-2023-4256 – Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
https://notcve.org/view.php?id=CVE-2023-4256
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. Dentro de tcprewrite de tcpreplay, se ha identificado una vulnerabilidad de doble liberación en la función tcpedit_dlt_cleanup() dentro de plugins/dlt_plugins.c. Esta vulnerabilidad se puede explotar proporcionando un archivo específicamente manipulado al binario tcprewrite. • https://bugzilla.redhat.com/show_bug.cgi?id=2255212 https://github.com/appneta/tcpreplay/issues/813 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF • CWE-415: Double Free •
CVE-2023-27783
https://notcve.org/view.php?id=CVE-2023-27783
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. • https://github.com/appneta/tcpreplay/issues/780 https://github.com/appneta/tcpreplay/pull/781 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5 • CWE-617: Reachable Assertion •
CVE-2023-27784
https://notcve.org/view.php?id=CVE-2023-27784
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. • https://github.com/appneta/tcpreplay/issues/787 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5 • CWE-476: NULL Pointer Dereference •
CVE-2023-27785
https://notcve.org/view.php?id=CVE-2023-27785
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. • https://github.com/appneta/tcpreplay/issues/785 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5 • CWE-476: NULL Pointer Dereference •