AppNeta Tcpreplay 4.4.4 Heap Overflow in get_layer4_v6
CVE-2024-3024 Published on March 28, 2024
appneta tcpreplay get.c get_layer4_v6 heap-based overflow
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2024-3024
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-3024 are published in these products:
Affected Versions
appneta tcpreplay:- Version 4.4.0 is affected.
- Version 4.4.1 is affected.
- Version 4.4.2 is affected.
- Version 4.4.3 is affected.
- Version 4.4.4 is affected.
- Version 4.4.0, <= 4.4.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.