https://nvd.nist.gov/vuln/detail/CVE-2018-20552: Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. https://nvd.nist.gov/vuln/detail/CVE-2018-20553: Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. pr:https://github.com/appneta/tcpreplay/pull/532
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e70150d187c1358ab9b2ff8d65c6afdf187877bb commit e70150d187c1358ab9b2ff8d65c6afdf187877bb Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2018-12-31 17:40:25 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2018-12-31 17:40:50 +0000 net-analyzer/tcpreplay: Old Package-Manager: Portage-2.3.53, Repoman-2.3.12 Bug: https://bugs.gentoo.org/674156 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/tcpreplay/Manifest | 1 - net-analyzer/tcpreplay/tcpreplay-4.2.6.ebuild | 74 --------------------------- 2 files changed, 75 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=176877f778d193e7af634c1d38db2841bc7108f6 commit 176877f778d193e7af634c1d38db2841bc7108f6 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2018-12-31 17:39:01 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2018-12-31 17:40:49 +0000 net-analyzer/tcpreplay: Version 4.3.1 Package-Manager: Portage-2.3.53, Repoman-2.3.12 Bug: https://bugs.gentoo.org/674156 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/tcpreplay/Manifest | 2 +- .../files/tcpreplay-4.3.0-enable-pcap_findalldevs.patch | 11 +++++++++++ .../{tcpreplay-4.3.0_beta1.ebuild => tcpreplay-4.3.1.ebuild} | 8 ++++---- 3 files changed, 16 insertions(+), 5 deletions(-)