| Summary: | <net-analyzer/tcpreplay-4.1.2-r1: Buffer overflow in tcpcapinfo utility (CVE-2017-6429) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | netmon |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1429520 | ||
| Whiteboard: | B3 [noglsa/cve] | ||
| Package list: |
=net-analyzer/tcpreplay-4.1.2-r1
|
Runtime testing required: | --- |
Upstream appears to be working leisurely toward a 4.2.0 release and has not (yet) released a 4.1 branch version that fixes the issue. Arch teams, please test and mark stable: =net-analyzer/tcpreplay-4.1.2-r1 Targeted stable KEYWORDS : amd64 x86 CVE-2017-6429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6429): Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. No ACE/RCE, downgraded to B3. GLSA Vote: No Repository is clean, all done. |
From ${URL} : Tcpcapinfo utility of Tcpreplay has a buffer overflow vulnerability associated with parsing a crafted pcap file. This occurs in the src/tcpcapinfo.c file when capture has a packet that is too large to handle. References: http://seclists.org/bugtraq/2017/Mar/22 Upstream bug: https://github.com/appneta/tcpreplay/issues/278 Upstream patch: https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.