Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2023-4256

HistoryDec 21, 2023 - 4:15 p.m.

CVE-2023-4256

2023-12-2116:15:10

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-4256

tcpreplay

double free

vulnerability

tcprewrite

tcpedit_dlt_cleanup

plugins/dlt_plugins.c

local attacker

dos

attack

unix

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

Within tcpreplay’s tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.

OSVersionArchitecturePackageVersionFilename
Debian12alltcpreplay<= 4.4.3-1tcpreplay_4.4.3-1_all.deb
Debian11alltcpreplay<= 4.3.3-2tcpreplay_4.3.3-2_all.deb
Debian10alltcpreplay<= 4.3.1-1tcpreplay_4.3.1-1_all.deb
Debian999alltcpreplay<= 4.4.4-1tcpreplay_4.4.4-1_all.deb
Debian13alltcpreplay<= 4.4.4-1tcpreplay_4.4.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	tcpreplay	<= 4.4.3-1	tcpreplay_4.4.3-1_all.deb
Debian	11	all	tcpreplay	<= 4.3.3-2	tcpreplay_4.3.3-2_all.deb
Debian	10	all	tcpreplay	<= 4.3.1-1	tcpreplay_4.3.1-1_all.deb
Debian	999	all	tcpreplay	<= 4.4.4-1	tcpreplay_4.4.4-1_all.deb
Debian	13	all	tcpreplay	<= 4.4.4-1	tcpreplay_4.4.4-1_all.deb