CVE-2023-4256 — Vulnetix

CVE-2023-4256 PUBLISHED CVSS 5.5 MEDIUM

Reported by redhat · Published December 21, 2023

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
n/a	tcpreplay
Fedora	Extra Packages for Enterprise Linux
Fedora	Fedora
Fedora	Fedora
Fedora	Extra Packages for Enterprise Linux
n/a	tcpreplay

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=2255212 (nist-nvd)
https://github.com/appneta/tcpreplay/issues/813 (nist-nvd)

Timeline

Dec 21, 2023 CVE Published
Dec 22, 2023 EPSS Score
Jan 20, 2024 EPSS Score
Feb 18, 2024 EPSS Score
Mar 18, 2024 EPSS Score
Apr 16, 2024 EPSS Score
May 15, 2024 EPSS Score
Jun 13, 2024 EPSS Score
Jul 12, 2024 EPSS Score
Aug 9, 2024 EPSS Score
Sep 7, 2024 EPSS Score
Oct 6, 2024 EPSS Score

References

RHBZ#2255212 issue-trackingx_refsource_REDHAT

Open in Interactive Console →