Vulnerability CVE-2020-24266: Information

Description

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-24266
Published: Oct. 19, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
tcpreplaysisyphus4.3.4-alt14.4.4-alt1ALT-PU-2021-1782-1271455Fixed
tcpreplayp104.3.4-alt14.4.2-alt1ALT-PU-2021-1782-1271455Fixed
tcpreplayp94.4.1-alt14.4.2-alt1ALT-PU-2022-1455-1295834Fixed
tcpreplayp9_e2k4.4.1-alt14.4.2-alt1ALT-PU-2022-4729-1-Fixed
tcpreplayp9_mipsel4.4.1-alt14.4.2-alt1ALT-PU-2022-6057-1-Fixed
tcpreplayc10f14.3.4-alt14.4.2-alt1ALT-PU-2021-1782-1271455Fixed
tcpreplayc9f24.4.1-alt14.4.2-alt1ALT-PU-2022-1371-1295833Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/appneta/tcpreplay/issues/617
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
GLSA-202105-21
  • Third Party Advisory
FEDORA-2020-c50d8b980b
    FEDORA-2020-0e036c907e
      FEDORA-2020-e45cf8ea43

          1. Configuration 1

            cpe:2.3:a:broadcom:tcpreplay:4.3.3:*:*:*:*:*:*:*

            Configuration 2

            cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.4.2
        Back to top