Bug 674156 (CVE-2018-20552, CVE-2018-20553) - <net-analyzer/tcpreplay-4.3.1: multiple vulnerabilities
Summary: <net-analyzer/tcpreplay-4.3.1: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-20552, CVE-2018-20553
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/appneta/tcpreplay/...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-31 06:24 UTC by Melissa Mcdonald
Modified: 2019-03-24 02:33 UTC

See Also:
Package list:
Runtime testing required: ---


Description Melissa Mcdonald 2018-12-31 06:24:24 UTC
https://nvd.nist.gov/vuln/detail/CVE-2018-20552:
Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.


https://nvd.nist.gov/vuln/detail/CVE-2018-20553:
Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.

PR: https://github.com/appneta/tcpreplay/pull/532
Comment 1 Larry the Git Cow gentoo-dev 2018-12-31 17:40:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e70150d187c1358ab9b2ff8d65c6afdf187877bb

commit e70150d187c1358ab9b2ff8d65c6afdf187877bb
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2018-12-31 17:40:25 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2018-12-31 17:40:50 +0000

    net-analyzer/tcpreplay: Old
    
    Package-Manager: Portage-2.3.53, Repoman-2.3.12
    Bug: https://bugs.gentoo.org/674156
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/tcpreplay/Manifest               |  1 -
 net-analyzer/tcpreplay/tcpreplay-4.2.6.ebuild | 74 ---------------------------
 2 files changed, 75 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=176877f778d193e7af634c1d38db2841bc7108f6

commit 176877f778d193e7af634c1d38db2841bc7108f6
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2018-12-31 17:39:01 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2018-12-31 17:40:49 +0000

    net-analyzer/tcpreplay: Version 4.3.1
    
    Package-Manager: Portage-2.3.53, Repoman-2.3.12
    Bug: https://bugs.gentoo.org/674156
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/tcpreplay/Manifest                               |  2 +-
 .../files/tcpreplay-4.3.0-enable-pcap_findalldevs.patch       | 11 +++++++++++
 .../{tcpreplay-4.3.0_beta1.ebuild => tcpreplay-4.3.1.ebuild}  |  8 ++++----
 3 files changed, 16 insertions(+), 5 deletions(-)