CVE-2023-4256: Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c

First published: Tue Dec 19 2023(Updated: )

tcprewrite in tcpreplay v4.4.4 and v.4.4.3 has a double free in function tcpedit_dlt_cleanup in plugins/dlt_plugins.c. It can be triggered by sending a crafted file to the tcprewrite binary. It allows a local attacker to cause Denial of Service or possibly have unspecified other impact. <a href="https://github.com/appneta/tcpreplay/issues/813">https://github.com/appneta/tcpreplay/issues/813</a>

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/softwarecombine
• agent/first-publish-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2023-4256
• agent/type
• agent/author
• agent/severity
• agent/title
• agent/event
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/description
• agent/weakness
• agent/last-modified-date
• agent/references
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/broadcom
• canonical/broadcom tcpreplay
• version/broadcom tcpreplay/4.4.3
• version/broadcom tcpreplay/4.4.4
• vendor/fedoraproject
• canonical/fedoraproject extra packages for enterprise linux
• version/fedoraproject extra packages for enterprise linux/8.0
• canonical/fedoraproject fedora
• version/fedoraproject fedora/39