CVE-2018-17582

Name of the Vulnerable Software and Affected Versions Tcpreplay version 4.3.0 beta1

Description The issue is related to a heap-based buffer over-read in the get next packet() function, located in the send packets.c file. This function uses memcpy() unsafely to copy sequences from the source buffer pktdata to the destination (*prev packet)->pktdata. As a result, this can lead to a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.

Recommendations For Tcpreplay version 4.3.0 beta1, consider disabling the get next packet() function as a temporary workaround until a patch is available. Restrict access to files that may trigger the buffer over-read to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.