CVE-2022-28487 in tcpreplayinfo

Summary

by MITRE • 05/04/2022

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/19/2026

The vulnerability identified as CVE-2022-28487 affects Tcpreplay version 4.4.1 and represents a memory leak flaw within the fix_ipv6_checksums() function. This issue arises in the context of network packet manipulation tools where tcpreplay is commonly used to replay network traffic captured in pcap files. The memory leak occurs during the processing of IPv6 packets when the software attempts to correct checksums, indicating a failure in proper memory management during packet handling operations.

The technical flaw manifests specifically within the fix_ipv6_checksums() function which is responsible for validating and correcting IPv6 packet checksums during replay operations. When this function processes IPv6 packets, it fails to properly release allocated memory resources, leading to gradual memory consumption over time. This memory leak can be triggered repeatedly during network traffic replay operations, particularly when processing large volumes of IPv6 packets. The vulnerability stems from inadequate memory deallocation practices within the function's implementation, where allocated memory blocks are not properly freed after checksum processing is complete.

The operational impact of this vulnerability extends beyond simple resource exhaustion, as it can significantly affect system stability and performance during extended network replay operations. While the primary threat is categorized as affecting data confidentiality, the memory leak can indirectly compromise system availability by consuming available memory resources. In environments where tcpreplay is used for continuous network monitoring or testing, this vulnerability can lead to system slowdowns or complete system crashes due to memory exhaustion. The threat to data confidentiality arises because compromised system stability may result in packet loss or corruption during replay operations, potentially exposing sensitive network data to unauthorized access or manipulation.

Mitigation strategies for CVE-2022-28487 should focus on immediate patching of affected tcpreplay installations to version 4.4.2 or later, which contains the necessary memory management fixes. System administrators should implement monitoring solutions to track memory consumption during tcpreplay operations and establish alerts for abnormal memory usage patterns. Additionally, organizations should consider implementing resource limits and process isolation for tcpreplay operations to prevent memory exhaustion from affecting other critical system processes. The vulnerability aligns with CWE-401, which addresses improper release of memory, and represents a concern for ATT&CK technique T1566 related to credential access through network sniffing and manipulation activities. Regular security assessments should include verification of tcpreplay versions and memory management practices to prevent exploitation of this vulnerability in production environments.

Reservation

04/04/2022

Disclosure

05/04/2022

Moderation

accepted

CPE

ready

EPSS

0.01918

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!