CVE-2022-25484 — Reachable Assertion in Tcpreplay

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 57.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 22

Latest updateMar 23

Description

tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

▶Debianbroadcom/tcpreplay< 4.4.2-1+2

GHSA

GHSA-29c2-jq97-8pp8: tcpprep v4↗2022-03-23

▶

OSV

CVE-2022-25484: tcpprep v4↗2022-03-22

▶

CVEList

CVE-2022-25484: tcpprep v4↗2022-03-22

▶

Debian

CVE-2022-25484: tcpreplay - tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at...↗2022

▶

Bugzilla

CVE-2022-25484 fedora: packet2tree() at tree.c is reachable when the user uses tcpprep to open a crafted pcap file.↗2022-03-23

▶