CVE-2018-17582 - OpenCVE

Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Tcpreplay

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:tcpreplay:4.3.0:beta1::::::
	cpe:2.3:a:broadcom:tcpreplay:4.3.0:beta2::::::

No data.

References

Link	Providers
https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay
https://github.com/appneta/tcpreplay/issues/484

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-28T09:00:00

Updated: 2024-08-05T10:54:10.612Z

Reserved: 2018-09-28T00:00:00

Link: CVE-2018-17582

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-28T09:29:01.057

Modified: 2022-04-02T03:30:07.810

Link: CVE-2018-17582

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T22:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/appneta/tcpreplay/issues/484"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17582", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/appneta/tcpreplay/issues/484", "refsource": "MISC", "url": "https://github.com/appneta/tcpreplay/issues/484"}, {"name": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay", "refsource": "MISC", "url": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:54:10.612Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/appneta/tcpreplay/issues/484"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17582", "datePublished": "2018-09-28T09:00:00", "dateReserved": "2018-09-28T00:00:00", "dateUpdated": "2024-08-05T10:54:10.612Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:tcpreplay:4.3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "7A1DA2AE-2F3B-4F91-B621-B70013CE3135", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:tcpreplay:4.3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "5520526B-E397-46CA-B3CB-EAFB5781CEE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file."}, {"lang": "es", "value": "tcpreplay v4.3.0 contiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap). La funci\u00f3n get_next_packet() en el archivo send_packets.c emplea la funci\u00f3n memcpy() de forma no segura para copiar secuencias del b\u00fafer de origen pktdata al destino (*prev_packet)->pktdata. Esto resultar\u00e1 en una denegaci\u00f3n de servicio (DoS) y una potencial exposici\u00f3n de informaci\u00f3n cuando la aplicaci\u00f3n intenta procesar un archivo."}], "id": "CVE-2018-17582", "lastModified": "2022-04-02T03:30:07.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-28T09:29:01.057", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/appneta/tcpreplay/issues/484"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}