PT-2018-11608 · Aqua Security+2 · Tcpreplay+2
Published 2018-07-03 · Updated 2022-10-04
CVE-2018-13112
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Tcpreplay version 4.3.0 beta1
Description
The issue allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets. This can be demonstrated using tcpprep.
Recommendations
For Tcpreplay version 4.3.0 beta1, consider disabling the get_l2len function in common/get.c as a temporary workaround until a patch is available. Restrict access to crafted packets to minimize the risk of exploitation.
Exploit
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Tcpreplay
Ubuntu