Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 612224 (CVE-2017-6429)

Summary: <net-analyzer/tcpreplay-4.1.2-r1: Buffer overflow in tcpcapinfo utility (CVE-2017-6429)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: netmon
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa/cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-03-10 16:33:05 UTC
From ${URL} :

Tcpcapinfo utility of Tcpreplay has a buffer overflow vulnerability associated with parsing a crafted pcap file. This occurs in the src/tcpcapinfo.c file when capture has a packet that is too large to handle.


Upstream bug:

Upstream patch:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2017-03-18 11:31:45 UTC
Upstream appears to be working leisurely toward a 4.2.0 release and has not (yet) released a 4.1 branch version that fixes the issue.

Arch teams, please test and mark stable:
Targeted stable KEYWORDS : amd64 x86
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-03-19 14:24:18 UTC
CVE-2017-6429 (
  Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1
  allows remote attackers to have unspecified impact via a pcap file with an
  over-size packet.
Comment 3 Agostino Sarubbo gentoo-dev 2017-03-20 12:28:48 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-03-21 14:34:33 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 Thomas Deutschmann gentoo-dev 2017-03-23 20:27:19 UTC
No ACE/RCE, downgraded to B3.

GLSA Vote: No

Repository is clean, all done.