Fklassen

**Name of the Vulnerable Software and Affected Versions** Tcpreplay version 4.4.1 **Description** A heap-based buffer overflow was discovered in the `tcprewrite` component of Tcpreplay, specifically in the `get l2len protocol` function at `common/get.c:344`. **Recommendations** For Tcpreplay version 4.4.1, consider applying a patch or fix to address the heap-based buffer overflow issue in the `get l2len protocol` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tcpreplay version 4.4.1 **Description** A heap-based buffer overflow was discovered in the `tcpprep` component of Tcpreplay, specifically in the `parse mpls` function at `common/get.c:150`. **Recommendations** For Tcpreplay version 4.4.1, consider restricting access to the `parse mpls` function in `common/get.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tcpreplay versions prior to 4.3.1 **Description** The issue is a heap-based buffer over-read in the `packet2tree` function located in `tree.c`. This indicates a problem where more data is read from a buffer than it actually contains, potentially leading to information disclosure or crashes. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `packet2tree` function in `tree.c` until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Tcpreplay versions prior to 4.3.1 **Description** The issue is a heap-based buffer over-read in the `get l2len` function located in `common/get.c`. This occurs in Tcpreplay before version 4.3.1. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `get l2len` function in `common/get.c` until a patch is applied.