CVE-2023-27789 : An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.

Published 2023-03-16 15:15:11

Updated 2023-05-15 04:15:10

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-27789

Broadcom » Tcpreplay » Version: 4.4.3
cpe:2.3:a:broadcom:tcpreplay:4.4.3:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Assigned by: nvd@nist.gov (Primary)

Jump to