CVE-2022-37049: [Bug] heap-overflow in get.c:150 · Issue #736 · appneta/tcpreplay
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.
Describe the bug
There is a heap-overflow bug in get.c:150. This bug is different from #719, which crashes in get.c:118.
To Reproduce
Steps to reproduce the behavior:
- export CC=clang && export CFLAGS="-fsanitize=address -g"
- ./autogen.sh && ./configure --disable-shared --disable-local-libopts && make clean && make -j8
- ./src/tcpprep --auto=bridge --pcap=POC --cachefile=/dev/null
Expected behavior
The program does not crash.
System (please complete the following information):
- OS: Debian
- OS version: buster
- Tcpreplay Version: 09f0774
Additional context
POC
poc.zip
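
The report names parse_mpls but does not show its source. As an added example (not tcpreplay's code and not the project's fix), the following shows a bounds-checked walk of an MPLS label stack, the kind of length check that keeps such a parser inside the captured bytes. The function `mpls_payload_offset`, the `MPLS_MAX_DEPTH` cap and both sample frames are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MPLS_ENTRY_LEN 4u   /* RFC 3032: one label stack entry is 32 bits */
#define MPLS_MAX_DEPTH 16u  /* assumed depth cap, not taken from the page */

/* Hypothetical helper. Walks the label stack starting at `off` in a frame of
 * `caplen` captured bytes. Returns the payload offset after the
 * bottom-of-stack entry, or -1 if the stack is truncated or too deep. */
long mpls_payload_offset(const uint8_t *pkt, size_t caplen, size_t off,
                         unsigned *depth)
{
    unsigned n = 0;

    if (pkt == NULL || depth == NULL)
        return -1;
    while (n < MPLS_MAX_DEPTH) {
        /* Check before every read; written so size_t cannot wrap. */
        if (off > caplen || caplen - off < MPLS_ENTRY_LEN)
            return -1;
        int bottom = pkt[off + 2] & 0x01; /* S bit: low bit of 3rd byte */
        off += MPLS_ENTRY_LEN;
        n++;
        if (bottom) {
            *depth = n;
            return (long)off;
        }
    }
    return -1; /* no bottom-of-stack entry within the cap */
}

/* Constructed frames: 14-byte Ethernet header (EtherType 0x8847) + labels. */
const uint8_t frame_ok[] = { 0,0,0,0,0,1, 0,0,0,0,0,2, 0x88,0x47,
    0x00,0x01,0x00,0x40,    /* label 16, S=0 */
    0x00,0x01,0x11,0x40,    /* label 17, S=1 (bottom of stack) */
    0x45,0x00 };            /* first payload bytes */
const uint8_t frame_trunc[] = { 0,0,0,0,0,1, 0,0,0,0,0,2, 0x88,0x47,
    0x00,0x01,0x00,0x40,    /* label 16, S=0 */
    0x00,0x01 };            /* capture ends inside the next entry */

int main(void)
{
    unsigned d = 0;
    printf("ok: %ld\n", mpls_payload_offset(frame_ok, sizeof frame_ok, 14, &d));
    printf("truncated: %ld\n",
           mpls_payload_offset(frame_trunc, sizeof frame_trunc, 14, &d));
    return 0;
}
```

The truncated frame never sets the bottom-of-stack bit before the capture ends, so the walker returns -1 instead of reading past the buffer.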
Related news
Gentoo Linux Security Advisory 202210-8 - Multiple vulnerabilities have been discovered in Tcpreplay, the worst of which could result in denial of service. Versions less than 4.4.2 are affected.