Vulnerability Details CVE-2020-24266
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/appneta/tcpreplay/issues/617
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EA7K7VKDK2K3SY2DHQQYSCBGZLKPWXJ4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LC3UMBJFBK5HYUX7H2NGXVFI2I2EMAOF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M623ONZKOZL5Y7XQNHKXEPV76XYCPXQM/
- https://security.gentoo.org/glsa/202105-21
- https://github.com/appneta/tcpreplay/issues/617
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EA7K7VKDK2K3SY2DHQQYSCBGZLKPWXJ4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LC3UMBJFBK5HYUX7H2NGXVFI2I2EMAOF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M623ONZKOZL5Y7XQNHKXEPV76XYCPXQM/
- https://security.gentoo.org/glsa/202105-21
Products affected by CVE-2020-24266
-
cpe:2.3:a:broadcom:tcpreplay:4.3.3
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33