| Summary: | <net-analyzer/tcpreplay-4.3.2: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | netmon |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/appneta/tcpreplay/issues/538 | | |
| See Also: | https://github.com/appneta/tcpreplay/issues/536 https://github.com/appneta/tcpreplay/issues/538 https://github.com/appneta/tcpreplay/issues/537 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | =net-analyzer/tcpreplay-4.3.2 | | |
| Runtime testing required: | No | | |
Description
D'juan McDonald (domhnall)
2019-02-18 03:15:10 UTC
Other issues awaiting CVE assignment:

https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/

https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_layer4_v6-tcpreplay-4-3-1/

Perhaps I should slow down a bit, apologies. These are the CVEs

https://nvd.nist.gov/vuln/detail/CVE-2019-8377

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

https://nvd.nist.gov/vuln/detail/CVE-2019-8376

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dffabcbf5eaf67bbb49b27ea4bb9d7ca6158f343

commit dffabcbf5eaf67bbb49b27ea4bb9d7ca6158f343
Author: Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-03-12 21:12:04 +0000
Commit: Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-03-12 21:13:01 +0000

net-analyzer/tcpreplay: Version 4.3.2

Bug: https://bugs.gentoo.org/678266
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Jeroen Roovers <jer@gentoo.org>

net-analyzer/tcpreplay/Manifest | 1 +
net-analyzer/tcpreplay/tcpreplay-4.3.2.ebuild | 74 +++++++++++++++++++++++++++
2 files changed, 75 insertions(+)

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

@arches, please stabilize.

amd64 stable

x86 stable

tree is clean