CVE-2020-12740 (https://nvd.nist.gov/vuln/detail/CVE-2020-12740): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. ---- tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d01ec5e9c47c9253ead65635bac33d16aacc9ad commit 2d01ec5e9c47c9253ead65635bac33d16aacc9ad Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-06-05 05:26:25 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-06-05 05:28:03 +0000 net-analyzer/tcpreplay: Version 4.3.3_beta1 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Bug: https://bugs.gentoo.org/show_bug.cgi?id=721662 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/tcpreplay/Manifest | 1 + .../tcpreplay/tcpreplay-4.3.3_beta1.ebuild | 74 ++++++++++++++++++++++ 2 files changed, 75 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7f07d5ca45c74621c4dbc51d030cf50ecb50864 commit a7f07d5ca45c74621c4dbc51d030cf50ecb50864 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-06-15 07:27:12 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-06-15 07:30:52 +0000 net-analyzer/tcpreplay: Version 4.3.3 Package-Manager: Portage-2.3.101, Repoman-2.3.22 Bug: https://bugs.gentoo.org/show_bug.cgi?id=721662 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/tcpreplay/Manifest | 2 +- .../tcpreplay/{tcpreplay-4.3.3_beta1.ebuild => tcpreplay-4.3.3.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
@maintainer(s), thanks! Let us know when ready for stabilisation or call yourself.
(In reply to Sam James (sec padawan) from comment #4) > @maintainer(s), thanks! Let us know when ready for stabilisation or call > yourself. If no objections, I'll CC-ARCHES.
x86 stable
amd64 stable ---- Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=665863d84651aebe7975237e9b4d1bcfc2c31d2e commit 665863d84651aebe7975237e9b4d1bcfc2c31d2e Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-07-19 10:41:48 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-07-19 10:42:54 +0000 net-analyzer/tcpreplay: Old Package-Manager: Portage-2.3.103, Repoman-2.3.23 Bug: https://bugs.gentoo.org/show_bug.cgi?id=721662 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/tcpreplay/Manifest | 1 - net-analyzer/tcpreplay/tcpreplay-4.3.2.ebuild | 74 --------------------------- 2 files changed, 75 deletions(-)
Thanks.