CVE-2020-24265: Out-of-bounds Write in Tcpreplay

Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 32.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 19; Latest update Oct 4

Description

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: broadcom/tcpreplay < 4.3.4-1+2

Also affects: Fedora 31, 32, 33

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-j9f7-fx8r-4pr6: An issue was discovered in tcpreplay tcpprep v4 (2022-05-24)
CVEList: CVE-2020-24265: An issue was discovered in tcpreplay tcpprep v4 (2020-10-19)
OSV: CVE-2020-24265: An issue was discovered in tcpreplay tcpprep v4 (2020-10-19)

📋 Vendor Advisories (2)

Ubuntu: Tcpreplay vulnerabilities (2022-10-04)
Debian: CVE-2020-24265: tcpreplay - An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer over... (2020)

💬 Community (3)

Bugzilla: CVE-2020-24265 tcpreplay: heap buffer overflow in MemcmpInterceptorCommon() could result in a crash (2020-10-20)
Bugzilla: CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [epel-all] (2020-10-20)
Bugzilla: CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [fedora-all] (2020-10-20)