CVE-2018-18408 - A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets tri

CVE-2018-18408

Summary

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.

References

Vulnerable Configurations

cpe:2.3:a:broadcom:tcpreplay:4.3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:broadcom:tcpreplay:4.3.0:beta1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 02-04-2022 - 03:30)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

fedora	FEDORA-2019-a9c08d4b40 FEDORA-2019-e40253f67e
misc	https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#use-after-free-in-post_args https://github.com/appneta/tcpreplay/issues/489

Last major update

02-04-2022 - 03:30

Published

17-10-2018 - 04:29

Last modified

02-04-2022 - 03:30