CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 2CVE-2024-3024 – appneta tcpreplay get.c get_layer4_v6 heap-based overflow
https://notcve.org/view.php?id=CVE-2024-3024
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. • https://docs.google.com/document/d/1wCIrViAJwGsO5afPBLLjRhO5RClsoUo3J9q1psLs84s/edit?usp=sharing https://drive.google.com/file/d/1zV9MSkfYLIrdtK3yczy1qbsJr_yN2fwH/view https://vuldb.com/?ctiid.258333 https://vuldb.com/?id.258333 https://vuldb.com/?submit.297866 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-37047
https://notcve.org/view.php?id=CVE-2022-37047
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. Se ha detectado que el componente tcprewrite de Tcpreplay versión v4.4.1, contiene un desbordamiento del búfer en la región heap de la memoria en la función get_ipv6_next en el archivo common/get.c:713. NOTA: esto es diferente de CVE-2022-27940. • https://github.com/appneta/tcpreplay/issues/734 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC https://security.gentoo.org/glsa/202210-08 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-37048
https://notcve.org/view.php?id=CVE-2022-37048
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. Se ha detectado que el componente tcprewrite de Tcpreplay versión v4.4.1, contiene un desbordamiento de búfer en la región heap de la memoria en la función get_l2len_protocolo en el archivo common/get.c:344. NOTA: esto es diferente de CVE-2022-27941. • https://github.com/appneta/tcpreplay/issues/735 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC https://security.gentoo.org/glsa/202210-08 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-37049
https://notcve.org/view.php?id=CVE-2022-37049
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. Se ha detectado que el componente tcpprep de Tcpreplay versión v4.4.1, contiene un desbordamiento de búfer en la región heap de la memoria en la función parse_mpls en el archivo common/get.c:150. NOTA: esto es diferente de CVE-2022-27942. • https://github.com/appneta/tcpreplay/issues/736 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC https://security.gentoo.org/glsa/202210-08 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28487
https://notcve.org/view.php?id=CVE-2022-28487
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. Tcpreplay versión 4.4.1, contiene un fallo de pérdida de memoria en la función fix_ipv6_checksums(). La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos • https://github.com/appneta/tcpreplay/issues/723 https://github.com/appneta/tcpreplay/pull/720 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC https://security.gentoo.org/glsa/202210-08 • CWE-401: Missing Release of Memory after Effective Lifetime •