Multiple vulnerabilities in AppNeta Tcpreplay
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU36496
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-18407
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsTcpreplay: 4.0.0 - 4.3.0 beta1
CPE2.3- cpe:2.3:a:appneta:tcpreplay:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:appneta:tcpreplay:4.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:appneta:tcpreplay:4.0.0:beta2:*:*:*:*:*:*
https://github.com/appneta/tcpreplay/issues/488
https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#user-content-heap-overflow-in-csum_replace4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU36497
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-18408
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
MitigationInstall update from vendor's website.
Vulnerable software versionsTcpreplay: 4.0.0 - 4.3.0 beta1
CPE2.3- cpe:2.3:a:appneta:tcpreplay:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:appneta:tcpreplay:4.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:appneta:tcpreplay:4.0.0:beta2:*:*:*:*:*:*
https://github.com/appneta/tcpreplay/issues/489
https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#use-after-free-in-post_args
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
