Summary: | <net-analyzer/tcpreplay-4.3.3_beta1: Buffer overflow in get_ipv6_next in common/get.c (CVE-2020-12740) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/appneta/tcpreplay/issues/576 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=net-analyzer/tcpreplay-4.3.3
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
![]() tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d01ec5e9c47c9253ead65635bac33d16aacc9ad commit 2d01ec5e9c47c9253ead65635bac33d16aacc9ad Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-06-05 05:26:25 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-06-05 05:28:03 +0000 net-analyzer/tcpreplay: Version 4.3.3_beta1 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Bug: https://bugs.gentoo.org/show_bug.cgi?id=721662 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/tcpreplay/Manifest | 1 + .../tcpreplay/tcpreplay-4.3.3_beta1.ebuild | 74 ++++++++++++++++++++++ 2 files changed, 75 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7f07d5ca45c74621c4dbc51d030cf50ecb50864 commit a7f07d5ca45c74621c4dbc51d030cf50ecb50864 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-06-15 07:27:12 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-06-15 07:30:52 +0000 net-analyzer/tcpreplay: Version 4.3.3 Package-Manager: Portage-2.3.101, Repoman-2.3.22 Bug: https://bugs.gentoo.org/show_bug.cgi?id=721662 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/tcpreplay/Manifest | 2 +- .../tcpreplay/{tcpreplay-4.3.3_beta1.ebuild => tcpreplay-4.3.3.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-) @maintainer(s), thanks! Let us know when ready for stabilisation or call yourself. (In reply to Sam James (sec padawan) from comment #4) > @maintainer(s), thanks! Let us know when ready for stabilisation or call > yourself. If no objections, I'll CC-ARCHES. x86 stable amd64 stable ---- Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=665863d84651aebe7975237e9b4d1bcfc2c31d2e commit 665863d84651aebe7975237e9b4d1bcfc2c31d2e Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-07-19 10:41:48 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-07-19 10:42:54 +0000 net-analyzer/tcpreplay: Old Package-Manager: Portage-2.3.103, Repoman-2.3.23 Bug: https://bugs.gentoo.org/show_bug.cgi?id=721662 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/tcpreplay/Manifest | 1 - net-analyzer/tcpreplay/tcpreplay-4.3.2.ebuild | 74 --------------------------- 2 files changed, 75 deletions(-) Thanks. |