Description
get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Affected Packages3 packages
▶Ubuntutcpreplay< 3.4.4-2+deb8u1ubuntu0.1~esm2+3 🔴Vulnerability Details
5OSVtcpreplay vulnerabilities↗2022-10-04 GHSAGHSA-3g5m-g7r7-6pwf: get_l2len in common/get↗2022-05-13 OSVexiv2 vulnerabilities↗2019-07-15 CVEListCVE-2018-13112: get_l2len in common/get↗2018-07-03 OSVCVE-2018-13112: get_l2len in common/get↗2018-07-03 📋Vendor Advisories
2UbuntuTcpreplay vulnerabilities↗2022-10-04 DebianCVE-2018-13112: tcpreplay - get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to ca...↗2018