Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-37047: [Bug] heap-overflow in get.c:713 · Issue #734 · appneta/tcpreplay

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.

CVE
#debian#git#c++#buffer_overflow

You are opening a bug report against the Tcpreplay project: we use
GitHub Issues for tracking bug reports and feature requests.

If you have a question about how to use Tcpreplay, you are at the wrong
site. You can ask a question on the tcpreplay-users mailing list
or on Stack Overflow with [tcpreplay] tag.
General help is available here.

If you have a build issue, consider downloading the latest release

Otherwise, to report a bug, please fill out the reproduction steps
(below) and delete these introductory paragraphs. Thanks!

Describe the bug
There is a heap-overflow bug in get_ipv6_next. Different from #718 (The crash point is in line 679, ((int)((u_char )exthdr + len))), this bug is triggered in line 713 (((int*)((u_char *)exthdr + len)) > maxlen).

To Reproduce
Steps to reproduce the behavior:

  1. export CC=clang && export CFLAGS="-fsanitize=address -g"
  2. ./autogen.sh && ./configure --disable-shared --disable-local-libopts && make clean && make -j8
  3. ./src/tcprewrite -o /dev/null -i POC

Expected behavior
A clear and concise description of what you expected to happen.
The program does not crash.

Screenshots

System (please complete the following information):

  • OS: Debian
  • OS version: buster
  • Tcpreplay Version: 09f0774

Additional context
POC
poc.zip

Related news

Gentoo Linux Security Advisory 202210-08

Gentoo Linux Security Advisory 202210-8 - Multiple vulnerabilities have been discovered in Tcpreplay, the worst of which could result in denial of service. Versions less than 4.4.2 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907