Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-37049: [Bug] heap-overflow in get.c:150 · Issue #736 · appneta/tcpreplay

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.

CVE
#debian#git#c++#buffer_overflow

You are opening a bug report against the Tcpreplay project: we use
GitHub Issues for tracking bug reports and feature requests.

If you have a question about how to use Tcpreplay, you are at the wrong
site. You can ask a question on the tcpreplay-users mailing list
or on Stack Overflow with [tcpreplay] tag.
General help is available here.

If you have a build issue, consider downloading the latest release

Otherwise, to report a bug, please fill out the reproduction steps
(below) and delete these introductory paragraphs. Thanks!

Describe the bug
A clear and concise description of what the bug is.
There is a heap-overflow bug in get.c:150. This bug is different from #719 that crashes in get.c:118.

To Reproduce
Steps to reproduce the behavior:

  1. export CC=clang && export CFLAGS="-fsanitize=address -g"
  2. ./autogen.sh && ./configure --disable-shared --disable-local-libopts && make clean && make -j8
  3. ./src/tcpprep --auto=bridge --pcap=POC --cachefile=/dev/null

Expected behavior
A clear and concise description of what you expected to happen.
The program does not crash.

Screenshots
If applicable, add screenshots to help explain your problem.

System (please complete the following information):

  • OS: Debian
  • OS version: buster
  • Tcpreplay Version: 09f0774

Additional context
Add any other context about the problem here.
POC
poc.zip

Related news

Gentoo Linux Security Advisory 202210-08

Gentoo Linux Security Advisory 202210-8 - Multiple vulnerabilities have been discovered in Tcpreplay, the worst of which could result in denial of service. Versions less than 4.4.2 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907