Broadcom Tcpreplay vulnerabilities

50 known vulnerabilities affecting broadcom/tcpreplay.

Total CVEs: 50
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 33, MEDIUM 14, LOW 1

Vulnerabilities

Page 3 of 3
CVE-2018-20552 | HIGH | CVSS 7.8 | fixed in 4.3.1 | 2018-12-28
CVE-2018-20552 [HIGH] CWE-125: Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
nvd
CVE-2018-18408 | CRITICAL | CVSS 9.8 | v4.3.0 | 2018-10-17
CVE-2018-18408 [CRITICAL] CWE-416: A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
nvd
CVE-2018-18407 | MEDIUM | CVSS 5.5 | v4.3.0 | 2018-10-17
CVE-2018-18407 [MEDIUM] CWE-125: A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.
nvd
CVE-2018-17974 | MEDIUM | CVSS 5.5 | v4.3.0 | 2018-10-03
CVE-2018-17974 [MEDIUM] CWE-125: An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure
nvd
CVE-2018-17582 | HIGH | CVSS 7.1 | v4.3.0 | 2018-09-28
CVE-2018-17582 [HIGH] CWE-125: Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application
nvd
CVE-2018-17580 | HIGH | CVSS 7.1 | v4.3.0 | 2018-09-28
CVE-2018-17580 [HIGH] CWE-125: A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
nvd
CVE-2018-13112 | HIGH | CVSS 7.5 | v4.3.0 | 2018-07-03
CVE-2018-13112 [HIGH] CWE-125: get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
nvd
CVE-2017-14266 | HIGH | CVSS 7.8 | PoC | v3.4.4 | 2017-09-12
CVE-2017-14266 [HIGH]: tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.
nvd
CVE-2017-6429 | HIGH | CVSS 7.8 | ≤ 4.1.2 | 2017-03-15
CVE-2017-6429 [HIGH] CWE-119: Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
nvd
CVE-2016-6160 | HIGH | CVSS 7.5 | ≤ 4.1.1 | 2017-01-23
CVE-2016-6160 [HIGH] CWE-399: tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
nvd