CVE-2023-4256Double Free in Tcpreplay

CWE-415Double Free8 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Broadcom TcpreplayFedoraproject Extra Packages FOR Enterprise LinuxFedoraproject Fedora
Timeline
PublishedDec 21
Latest updateJan 28

Description

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianbroadcom/tcpreplay< 4.5.1-1+1
NVDbroadcom/tcpreplay4.4.3, 4.4.4+1

Also affects: Fedora 39

🔴Vulnerability Details

4
OSV
tcpreplay vulnerabilities2025-01-28
OSV
CVE-2023-4256: Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins2023-12-21
GHSA
GHSA-pjxj-fcrm-89x2: Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins2023-12-21
CVEList
Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c2023-12-21

📋Vendor Advisories

2
Ubuntu
Tcpreplay vulnerabilities2025-01-28
Debian
CVE-2023-4256: tcpreplay - Within tcpreplay's tcprewrite, a double free vulnerability has been identified i...2023

💬Community

1
Bugzilla
CVE-2023-4256 tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c2023-12-19
CVE-2023-4256 — Double Free in Broadcom Tcpreplay | cvebase