Vulnerabilities > CVE-2022-37049 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

broadcom

fedoraproject

CWE-787

NVD

Published: 2022-08-18

Updated: 2023-11-07

Summary

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.

Vulnerable Configurations

Part	Description	Count
Application	Broadcom Broadcom Tcpreplay 4.4.1	1
OS	Fedoraproject Fedoraproject Fedora 35 Fedoraproject Fedora 36 Fedoraproject Fedora 37	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/appneta/tcpreplay/issues/736
https://security.gentoo.org/glsa/202210-08
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/