CVE-2018-17974
Last modified
CVE-2018-17974 is a vulnerability of currently unknown severity. An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). EPSS estimates a 0.99% chance of exploitation in the next 30 days.
Description
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Broadcom | Tcpreplay | 4.3.0 | Beta1 |
References
- https://github.com/SegfaultMasters/covering360/tree/master/tcpreplayExploit, Third Party Advisory
- https://github.com/appneta/tcpreplay/issues/486Exploit, Third Party Advisory
- https://github.com/SegfaultMasters/covering360/tree/master/tcpreplayExploit, Third Party Advisory
- https://github.com/appneta/tcpreplay/issues/486Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-17974?
How severe is CVE-2018-17974?
How do I fix CVE-2018-17974?
Are you affected by CVE-2018-17974?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST