PT-2021-6536 · Tcpreplay+1

Lvtao-Sec · Published 2020-06-27 · Updated 2022-04-02 · CVE-2020-18976

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Tcpreplay version 4.3.2

Description: The issue is a buffer overflow in the do_checksum function of the checksum.c component of the Tcpreplay utility. A remote attacker can exploit it with a specially crafted pcap file, leading to a denial of service. Exploitation occurs when the tcpreplay-edit binary processes the malicious pcap file.

Recommendations: For Tcpreplay version 4.3.2, consider disabling the do_checksum function as a temporary workaround until a patch is available. Restrict access to the tcpreplay-edit binary to minimize the risk of exploitation. Avoid using the tcpreplay-edit binary with untrusted pcap files until the issue is resolved.

Exploit · Fix · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2020-2242
ALT-PU-2022-1371
ALT-PU-2022-1455
BDU:2022-01796
CVE-2020-18976

Affected Products

Alt Linux
Tcpreplay