cbcvebase.
CVE-2018-17580
published 2018-09-28

CVE-2018-17580: A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of…

PriorityP423high7.1CVSS 3.0
AVLACLPRNUIRSUCHINAH
EPSS
1.21%
64.6th percentile
A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.

Affected

10 ranges
VendorProductVersion rangeFixed in
broadcomtcpreplay
broadcomtcpreplay>= 0 < 4.3.1-14.3.1-1
broadcomtcpreplay>= 0 < 4.3.1-14.3.1-1
broadcomtcpreplay>= 0 < 4.3.1-14.3.1-1
broadcomtcpreplay>= 0 < 4.3.1-14.3.1-1
broadcomtcpreplay>= 0 < 3.4.4-2+deb8u1ubuntu0.1~esm23.4.4-2+deb8u1ubuntu0.1~esm2
broadcomtcpreplay>= 0 < 4.2.6-1ubuntu0.1~esm44.2.6-1ubuntu0.1~esm4
broadcomtcpreplay>= 0 < 4.3.2-1ubuntu0.1~esm24.3.2-1ubuntu0.1~esm2
broadcomtcpreplay>= 0 < 4.3.4-1ubuntu0.1~esm14.3.4-1ubuntu0.1~esm1
debiantcpreplay< tcpreplay 4.3.1-1 (bookworm)tcpreplay 4.3.1-1 (bookworm)

CVSS provenance

nvdv3.07.1HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:P
osv7.5HIGH
vendor_ubuntu7.5HIGH
vendor_debian7.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.