PT-2023-28428 · Grafana+3

Iskindar · Published 2023-12-21 · Updated 2025-11-27 · CVE-2023-4256

CVSS v3.1

5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

tcpreplay versions (affected versions not specified)
Grafana versions prior to 10.1.4

Description

A double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c of tcpreplay's tcprewrite. This issue can be exploited by supplying a specifically crafted file to the tcprewrite binary, enabling a local attacker to initiate a Denial of Service (DoS) attack. Additionally, a directory traversal vulnerability in Grafana can lead to information disclosure.

Recommendations

For tcpreplay, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Grafana versions prior to 10.1.4, update to version 10.1.4 or later to resolve the directory traversal vulnerability.

Exploit

DoS

Double Free

Weakness Enumeration

Related Identifiers

CVE-2023-4256
MGASA-2024-0098
OPENSUSE-SU-2025:20119-1
USN-7231-1

Affected Products

Debian
Grafana
Linuxmint
Ubuntu