Vulnerability Description
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Tcpreplay | 4.3.0 |
| Fedoraproject | Fedora | 28 |
Related Weaknesses (CWE)
References
- https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#uThird Party Advisory
- https://github.com/appneta/tcpreplay/issues/489PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#uThird Party Advisory
- https://github.com/appneta/tcpreplay/issues/489PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2018-18408?
CVE-2018-18408 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecifi...
How severe is CVE-2018-18408?
CVE-2018-18408 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-18408?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Tcpreplay, Fedoraproject Fedora.