CVE-2023-27786

HIGH

Broadcom Tcpreplay - NULL Pointer Dereference

Title source: rule

Description

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.

References (5)

[Exploit, Issue Tracking, Patch] https://github.com/appneta/tcpreplay/issues/782

[Issue Tracking, Patch] https://github.com/appneta/tcpreplay/pull/783

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5/

Scores

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 59.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (1)

broadcom/tcpreplay

Timeline

Published Mar 16, 2023

Tracked Since Feb 18, 2026