Summary: | <net-analyzer/tcpreplay-4.1.2-r1: Buffer overflow in tcpcapinfo utility (CVE-2017-6429) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1429520 | ||
Whiteboard: | B3 [noglsa/cve] | ||
Package list: |
=net-analyzer/tcpreplay-4.1.2-r1
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-03-10 16:33:05 UTC
Upstream appears to be working leisurely toward a 4.2.0 release and has not (yet) released a 4.1 branch version that fixes the issue. Arch teams, please test and mark stable: =net-analyzer/tcpreplay-4.1.2-r1 Targeted stable KEYWORDS : amd64 x86 CVE-2017-6429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6429): Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. No ACE/RCE, downgraded to B3. GLSA Vote: No Repository is clean, all done. |