Описание
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 4.4.1-2ubuntu1 |
| disco | not-affected | 4.3.1-2 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 4.2.6-1ubuntu0.1~esm1 |
| esm-apps/focal | not-affected | 4.3.2-1build1 |
| esm-apps/jammy | not-affected | 4.3.4-1 |
| esm-apps/xenial | released | 3.4.4-2+deb8u1ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer ...
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3