VYPR

Tcpreplay

by Appneta

Source repositories

CVEs (26)

  • CVE-2017-14266HigSep 12, 2017
    risk 0.54cvss 7.8epss 0.04

    tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.

  • CVE-2018-13112HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.02

    get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.

  • CVE-2018-17582HigSep 28, 2018
    risk 0.46cvss 7.1epss 0.01

    Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial…

  • CVE-2018-17580HigSep 28, 2018
    risk 0.46cvss 7.1epss 0.01

    A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.

  • CVE-2024-54192MedFeb 10, 2026
    risk 0.36cvss 5.5epss 0.00

    An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.

  • CVE-2018-17974MedOct 3, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than…

  • CVE-2025-9386MedAug 24, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been…

  • CVE-2025-9385MedAug 24, 2025
    risk 0.34cvss 5.3epss 0.00

    A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been…

  • CVE-2025-9157MedAug 19, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on…

  • CVE-2025-9649LowAug 29, 2025
    risk 0.21cvss 3.3epss 0.00

    A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used.…

  • CVE-2025-9384LowAug 24, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may…

  • CVE-2024-3024Mar 28, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The…

  • CVE-2023-4256Dec 21, 2023
    risk 0.00cvss epss 0.00

    Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local…

  • CVE-2023-27786Mar 16, 2023
    risk 0.00cvss epss 0.01

    An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.

  • CVE-2023-27788Mar 16, 2023
    risk 0.00cvss epss 0.01

    An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.

  • CVE-2023-27789Mar 16, 2023
    risk 0.00cvss epss 0.01

    An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.

  • CVE-2022-28487May 4, 2022
    risk 0.00cvss epss 0.02

    Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.

  • CVE-2021-45386Feb 11, 2022
    risk 0.00cvss epss 0.01

    tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

  • CVE-2020-23273Sep 21, 2021
    risk 0.00cvss epss 0.01

    Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.

  • CVE-2019-8381Feb 17, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have…

Page 1 of 2