50 matches found
CVE-2020-12740
CVE-2020-12740 affects Tcpreplay (tcprewrite) up to version 4.3.2, due to a heap-based buffer over-read in get_ipv6_next() in common/get.c. This can enable information disclosure and, depending on context, may contribute to remote denial of service when processing crafted pcap input. Multiple adv...
CVE-2023-27783
CVE-2023-27783 affects TCPreplay tcprewrite v4.4.3 (and related tcpreplay components). The root cause is in tcpedit_dlt_cleanup (plugins/dlt_plugins.c), allowing a remote attacker to trigger a denial of service. Public advisories confirm fixes in tcpreplay 4.4.4 and related patches for the affect...
CVE-2022-27942
Tcpreplay 4.4.1 (specifically tcpprep) contains CVE-2022-27942: a heap-based buffer over-read in parse_mpls (common/get.c), with impact described as memory safety risk. Public sources in connected docs outline that this vulnerability is present in Tcpreplay 4.4.1 and has been addressed in later r...
CVE-2022-27940
CVE-2022-27940 affects Tcpreplay 4.4.1’s tcprewrite component, with a heap-based buffer over-read in get_ipv6_next (common/get.c). Impact is partial confidentiality/integrity/availability; exploitability is shown in public advisories. Remediation consistently cited across sources is upgrading to ...
CVE-2022-27941
CVE-2022-27941 affects Tcpreplay v4.4.1 (tcprewrite) with a heap-based buffer over-read in get_l2len_protocol in common/get.c. The issue is addressed in later Tcpreplay versions (e.g., 4.4.2) per security advisories (ALT Linux/Mageia) and package updates; upgrade to 4.4.2+ to mitigate. Exploitati...
CVE-2022-28487
CVE-2022-28487 affects Tcpreplay 4.4.1, due to a memory-leak in fix_ipv6_checksums() with confidentiality impact. Connected advisories/documents consistently point to an upgrade to Tcpreplay 4.4.2 as the fix (e.g., Mageia 4.4.2-alt1, Gentoo GLSA 202210-08, Ubuntu USN 5205-1). Other related CVEs a...
CVE-2022-27939
CVE-2022-27939 affects Tcpreplay (Tcprewrite) 4.4.1, with a reachable assertion in get_layer4_v6 in common/get.c. Multiple connected sources corroborate the issue, including the core description: “tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.” The issue...
CVE-2022-27416
CVE-2022-27416 affects Tcpreplay v4.4.1, with a double-free vulnerability via __interceptor_free. Public notices and advisories (OSV, GLSA) reference this CVE and associate it with Tcpreplay 4.4.1; remediation is to upgrade to a newer release (e.g., Tcpreplay 4.4.2 or later) per the Gentoo GLSA g...
CVE-2022-25484
CVE-2022-25484 affects tcpreplay’s 4.4.1 release, specifically the tcpprep component. The primary vulnerability details in the initial CVE describe a reachable assertion (assert(l2len > 0)) in packet2tree() within tree.c (tcpprep 4.4.1). Connected sources corroborate multiple memory/heap-relat...
CVE-2022-27418
CVE-2022-27418 : Tcpreplay v4.4.1 contains a heap-based buffer overflow in do_checksum_math (tcpedit/checksum.c). Multiple connected sources confirm this vulnerability in Tcpreplay 4.4.1 with remediation guidance. Impact is documented as high/severe by CVSS vectors in public records. The availabl...
CVE-2021-45387
CVE-2021-45387 affects tcpreplay 4.3.4, with a Reachable Assertion in add_tree_ipv4() located in tree.c. Public records (NVD, OSV, Gentoo GLSA, and Nessus notes) confirm this vulnerability is exploitable via a local vector and can impact availability (NVD CVSS3.1: LOCAL, LOW/or MEDIUM complexity,...
CVE-2023-43279
Tcpreplay 4.4.4 contains a Null Pointer Dereference in mask_cidr6 (cidr.c) that can crash the application when processing a crafted tcprewrite command. This CVE-2023-43279 vulnerability has been acknowledged in multiple advisories and is tracked across vendors (e.g., openSUSE SUSE advises upgradi...
CVE-2023-27786
CVE-2023-27786 affects TCPreplay 4.4.3 (including TCPprep) with a denial-of-service via the macinstring function. Multiple advisories (openSUSE, Mageia, Fedora, Ubuntu) reference the same issue family and related CVEs (27783–27789). The underlying problem involves memory/string handling bugs (e.g...
CVE-2021-45386
CVE-2021-45386 affects tcpreplay 4.3.4, with a reachable assertion in add_tree_ipv6() (tree.c). Multiple downstream advisories note fixes in newer tcpreplay releases (e.g., 4.4.1/4.4.2); Gentoo GLSA 202210-08 recommends upgrading to tcpreplay-4.4.2 to address CVE-2021-45386. Other sources (ALT Li...
CVE-2024-3024
CVE-2024-3024 affects appneta tcpreplay up to version 4.4.4. The vulnerability is a heap-based buffer overflow in get_layer4_v6 in tcpreplay/src/common/get.c, exploitable via local access. Multiple connected sources confirm the issue and reference a public exploit; internal details are not provid...
CVE-2020-24265
CVE-2020-24265 affects tcpreplay’s tcpprep component (version 4.3.3). The vulnerability is a heap buffer overflow in MemcmpInterceptorCommon(), leading to a crash and potential denial of service. Public details across connected documents indicate this issue was fixed in later releases (e.g., tcpr...
CVE-2023-27789
CVE-2023-27789 affects TCPreplay/tcpprep 4.4.3. The vulnerability is triggered via the cidr2cidr function in cidr.c:178, allowing a remote attacker to cause a denial of service. Connected documents corroborate multiple vendor advisories and security plugins (e.g., Mageia MGASA-2023-0188 and Ubunt...
CVE-2023-4256
CVE-2023-4256 affects tcpreplay (tcprewrite component). A double-free vulnerability in tcpedit_dlt_cleanup() within plugins/dlt_plugins.c can be triggered by a crafted file, enabling a local DoS. Affected advisories/documentation in connected sources include openSUSE openSUSE-SU-2025-20119-1 (men...
CVE-2022-37049
CVE-2022-37049 affects Tcpreplay 4.4.1, specifically the tcpprep component with a heap-based buffer overflow in parse_mpls (common/get.c:150). Documents confirm this CVE as part of a broader set of Tcpreplay vulnerabilities; advisories indicate fixes in Tcpreplay 4.4.2 (e.g., Mageia, Fedora). Imp...
CVE-2020-24266
CVE-2020-24266 affects tcpreplay’s tcpprep v4.3.3. The issue is a heap buffer overflow in get_l2len(), which can cause tcpprep to crash and trigger a denial-of-service. Publicly cited advisories from multiple vendors document the vulnerable component and versions (tcpreplay 4.3.3) and confirm rem...
CVE-2023-27785
CVE-2023-27785 affects TCPreplay TCPprep v4.4.3 and allows remote denial of service via the parse endpoints function. Public advisories indicate fixes have been released (e.g., Mageia MGASA-2023-0188 and Ubuntu USN-7231-1) and patches are available; upgrading TCPreplay to a patched release is the...
CVE-2023-27784
CVE-2023-27784 affects TCPReplay/TCPreplay v4.4.3, where the read_hexstring function in utils.c:309 can be abused by a remote attacker to cause a denial of service. Public sources in the connected set corroborate this as part of multiple tcpreplay vulnerabilities and indicate a patch is available...
CVE-2023-27787
CVE-2023-27787 is corroborated by multiple connected advisories (Mageia, Fedora/OpenVAS, OSV, Ubuntu USN) detailing a DoS in TCPreplay/TCPprep v4.4.3 via parse_list (list.c:81). The vulnerability affects tcpreplay-related components and is publicly documented with remediation: apply vendor patche...
CVE-2017-14266
The provided sources confirm a concrete vulnerability: Tcpreplay’s Tcprewrite (version 3.4.4) contains a heap-based buffer overflow triggered by a crafted PCAP file, potentially enabling memory corruption or code execution. This issue is related to CVE-2016-6160 (pre-4.1.2) and has public coverag...
CVE-2018-20553
Tcpreplay vulnerability CVE-2018-20553 affects versions before 4.3.1 and is caused by a heap-based over-read in get_l2len (common/get.c). Public sources describe a heap-based issue in Tcpreplay that can crash the application and, in some advisories, potential denial of service or information expo...
CVE-2019-8377
Tcpreplay 4.3.1 is affected by CVE-2019-8377 due to a NULL pointer dereference in get_ipv6_l4proto() in get.c when parsing a crafted pcap fed to tcpreplay-edit. This can trigger a Denial of Service via segmentation fault and may have unspecified other impact. Public remediation in the connected s...
CVE-2022-37047
CVE-2022-37047 affects Tcpreplay v4.4.1 (component tcprewrite). It describes a heap-based buffer overflow in get_ipv6_next at common/get.c:713. Exploitation details are not provided in the given documents, but multiple sources note the issue alongside other CVEs for Tcpreplay and indicate a fixed...
CVE-2022-37048
Summary: CVE-2022-37048 affects the Tcpreplay package, specifically the tcprewrite component in version 4.4.1, which contains a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. This is part of Tcpreplay 4.4.1 vulnerabilities cluster (alongside CVE-2022-27941 and others) repor...
CVE-2018-17582
Tcpreplay 4.3.0 beta1 contains multiple heap-based buffer over-reads in critical paths (e.g., get_next_packet in send_packets.c; fast_edit_packet in Tcpreplay; dlt_en10mb_encode in en10mb.c; incremental_checksum.h csum_replace4; tcpbridge in tcpreplay) that can lead to Denial of Service and poten...
CVE-2019-8381
CVE-2019-8381 affects Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum() of checksum.c when processing crafted pcap files via tcpreplay-edit, leading to a Denial of Service (Segmentation fault) and potentially other impact. Remediation is to upgrade Tcpreplay to 4.3.2 (e.g., 4.3.2-...
CVE-2023-27788
Summary : CVE-2023-27788 affects TCPrewrite 4.4.3 of Tcpreplay. A remote attacker can cause a denial of service via the ports2PORT function in portmap.c:69. The issue is rated AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD) with a base score of 7.5 (HIGH). Affected component : Tcpreplay Tcprewrite (par...
CVE-2018-18408
Tcpreplay vulnerability CVE-2018-18408 affects the tcpbridge binary in Tcpreplay 4.3.0 beta1. The issue is a use-after-free in the function post_args() in tcpbridge.c, which can lead to denial of service and potentially other unspecified impact. The documents provided do not specify a fixed versi...
CVE-2016-6160
CVE-2016-6160 affects tcpreplay’s tcprewrite utility; before version 4.1.2 it allows remote attackers to cause a denial of service (segmentation fault) by sending a large PCAP frame. The issue is related to CVE-2017-14266, which describes a heap-based buffer overflow in Tcpreplay 3.4.4 triggered ...
CVE-2019-8376
Tcpreplay 4.3.1 contains multiple issues from get_layer4_v6(), get_ipv6_l4proto(), and do_checksum in tcpreplay-edit that can be triggered by crafted pcap files, allowing Denial of Service (segmentation fault) and potential other impact. The vulnerability set includes CVE-2019-8376 (get_layer4_v6...
CVE-2020-18976
Tcpreplay 4.3.2 is affected by a buffer overflow in do_checksum (checksum.c) that can be triggered by a crafted pcap sent to tcpreplay-edit, leading to Denial of Service. Several sources (CNVD/CNNVD, CNVD-2021-93920; DEBIAN and Arch Linux advisories) confirm the flaw and its impact on tcpreplay, ...
CVE-2020-23273
CVE-2020-23273 affects Tcpreplay v4.3.2, due to a heap-buffer overflow in the function randomize_iparp() in edit_packet.c. This flaw allows an attacker to cause a denial of service via a specially crafted pcap file. The connected sources consistently describe the same vulnerability class and impa...
CVE-2024-22654
CVE-2024-22654 affects tcpreplay, where version 4.4.4 contains an infinite loop in the tcprewrite function (get.c). The issue is triggered in the network traffic replay tooling and has been acknowledged in multiple advisories. Public sources in the connected documents consistently reference this ...
CVE-2018-17580
CVE-2018-17580 affects Tcpreplay v4.3.0 beta1, with a heap-based buffer over-read in the function fast_edit_packet() in send_packets.c. This can cause a Denial of Service and potentially information exposure when processing crafted PCAP files. Public-advisory coverage shows fixes in later Tcprepl...
CVE-2018-18407
CVE-2018-18407 affects Tcpreplay 4.3.0 beta1, where a heap-based over-read in tcpreplay-edit (csum_replace4() in incremental_checksum.h) can trigger a denial of service. The vulnerability concerns the incremental checksum path and does not affect confidentiality/integrity; availability is partial...
CVE-2018-17974
CVE-2018-17974 is a heap-based buffer over-read in Tcpreplay 4.3.0 beta1, caused by improper length checks in dlt_en10mb_encode() (memmove) leading to potential Denial of Service. Affected product: Tcpreplay (binary components including dlt_en10mb/en10mb.c, send_packets.c, tcpreplay-edit, tcpbrid...
CVE-2018-20552
CVE-2018-20552 affects Tcpreplay before 4.3.1, with a heap-based buffer over-read in packet2tree (tree.c). The issue can cause an application crash and, per multiple sources, may lead to denial of service or exposure of sensitive data. Affected users should upgrade to 4.3.1 or later (the fixed ve...
CVE-2017-6429
CVE-2017-6429 concerns tcpreplay’s tcpcapinfo utility. A buffer overflow via a crafted pcap containing an over-size packet affects tcpreplay before 4.2.0 Beta1. Upstream fixes are in 4.2.5+; Fedora/Arch entries show upgrades to 4.2.5-1 or newer. Some sources explicitly state possible arbitrary-co...
CVE-2018-13112
CVE-2018-13112 affects Tcpreplay (and its tcpprep-related routines) in version 4.3.0 beta1, where the function get_l2len in common/get.c may read beyond a heap boundary when processing crafted packet captures, leading to a denial of service (application crash). Public advisories (Fedora, Ubuntu U...
CVE-2025-9019
CVE-2025-9019 affects tcpreplay 4.5.1 (tcpprep component) where the function mask_cidr6 in cidr.c can cause a heap-based buffer overflow . The description notes a remote attack with high complexity and no required user interaction, with exploitation reportedly possible on the latest 4.5.1/recent ...
CVE-2025-51006
CVE-2025-51006 affects tcpreplay’s tcprewrite component. The vulnerability in dlt_linuxsll2_cleanup() (plugins/dlt_linuxsll2/linuxsll2.c) results from tcpedit_dlt_cleanup() potentially invoking the cleanup routine multiple times on the same memory region, enabling a local attacker to trigger a de...
CVE-2025-9384
CVE-2025-9384 affects appneta tcpreplay up to version 4.5.1. The vulnerability is in tcpedit_post_args (src/tcpedit/parse_args.c) and can cause a null pointer dereference. Exploitation requires local access, and public proof-of-concept details exist. Remediation available via upgrade to 4.5.2-bet...
CVE-2025-9385
CVE-2025-9385 affects appneta tcpreplay (tcprewrite component) where the function fix_ipv6_checksums in edit_packet.c can trigger a use-after-free. Impact is limited to local execution; the exploit has been published. Multiple advisories (openSUSE, Fedora, etc.) reference the same issue and note ...
CVE-2025-51005
The CVE-2025-51005 entry affects tcpreplay-4.5.1, specifically the tcpliveplay utility. A heap-buffer-overflow occurs in the checksum calculation logic (do_checksum_math_liveplay) when processing crafted pcap files, which can lead to a denial of service. Connected sources corroborate the vulnerab...
CVE-2025-9386
CVE-2025-9386 affects appneta tcpreplay up to 4.5.1, specifically the get_l2len_protocol function in tcprewrite/get.c. The issue enables a local use-after-free condition. Exploitation requires local access, and the exploit has been publicly disclosed. Remediation is to upgrade to tcpreplay 4.5.2-...
CVE-2025-9649
CVE-2025-9649 affects appneta tcpreplay 4.5.1. The vulnerability is in the function calc_sleep_time (send_packets.c), where input handling leads to a divide-by-zero. Exploitation is local, with publicly disclosed exploit details. A fix is available in 4.5.3-beta3, and vendor notes indicate reprod...