Unrated severityOSV Advisory· Published Oct 3, 2018· Updated Aug 5, 2024

CVE-2018-17974

Description

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Heap-based buffer over-read in Tcpreplay 4.3.0 beta1 dlt_en10mb_encode() function leads to denial of service.

Vulnerability

A heap-based buffer over-read vulnerability exists in the dlt_en10mb_encode() function in plugins/dlt_en10mb/en10mb.c of Tcpreplay 4.3.0 beta1 (4.3 branch). The function uses memmove() with a length (pktlen + ctx->l2len) that can exceed the source buffer (packet + ctx->l2len) because it fails to validate the packet length, resulting in reading beyond allocated memory. [2]

Exploitation

An attacker can exploit this vulnerability by crafting a malicious pcap file that triggers the vulnerable code path. The crash is reproducible using the command sudo tcpreplay-edit --cachefile=example.cache --intf1=ens33 --intf2=lo --enet-vlan=add --enet-vlan-tag=40 $POC. No authentication is required, but user interaction is needed to execute tcpreplay on the malicious file. [2]

Impact

The heap buffer over-read causes a segmentation fault, leading to denial of service. No other impact, such as information disclosure or code execution, has been reported. [2]

Mitigation

As of the publication date, no patch has been released. Users are advised to avoid running Tcpreplay on untrusted pcap files until a fix is provided. The vulnerability is not listed on the CISA KEV. [2]

References

Heap overflow in dlt_en10mb_encode()

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Appneta/TcpreplayOSV
Range: v3.4.2, v3.4.3, v3.4.4, …
tcpreplay/tcpreplay-editllm-fuzzy
Range: = 4.3.0 beta1
osv-coords
pkg:rpm/opensuse/tcpreplay&distro=openSUSE%20Tumbleweed
Range: < 4.3.4-1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/SegfaultMasters/covering360/tree/master/tcpreplaymitrex_refsource_MISC
github.com/appneta/tcpreplay/issues/486mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000