CVE-2022-27942 (https://github.com/appneta/tcpreplay/issues/719): tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. CVE-2022-27941 (https://github.com/appneta/tcpreplay/issues/716): tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. CVE-2022-27940 (https://github.com/appneta/tcpreplay/issues/718): tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. CVE-2022-27939 (https://github.com/appneta/tcpreplay/issues/717): tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. Unfixed upstream.
CVE-2022-28487 (https://github.com/appneta/tcpreplay/pull/720): Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.
All issues are patched in the 4.4.2 *branch*, doesn't seem Github has a release of 4.4.2 yet.
CVE-2022-37047 (https://github.com/appneta/tcpreplay/issues/734): The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. Patched by https://github.com/appneta/tcpreplay/issues/718 CVE-2022-37048 (https://github.com/appneta/tcpreplay/issues/735): The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. Patched by https://github.com/appneta/tcpreplay/pull/744 CVE-2022-37049 (https://github.com/appneta/tcpreplay/issues/736): The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. Patched by https://github.com/appneta/tcpreplay/issues/718
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8a5c2cc9833bc9c4f85eb8be95bc5dcc83ea8e8 commit f8a5c2cc9833bc9c4f85eb8be95bc5dcc83ea8e8 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-08-27 05:57:30 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-27 06:05:56 +0000 net-analyzer/tcpreplay: add 4.4.2 Bug: https://bugs.gentoo.org/836240 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/tcpreplay/Manifest | 1 + net-analyzer/tcpreplay/tcpreplay-4.4.2.ebuild | 86 +++++++++++++++++++++++++++ net-analyzer/tcpreplay/tcpreplay-9999.ebuild | 1 - 3 files changed, 87 insertions(+), 1 deletion(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=88ba016aa774dab2e07e26e0c461ed03c93e6462 commit 88ba016aa774dab2e07e26e0c461ed03c93e6462 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:42:49 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:45:24 +0000 [ GLSA 202210-08 ] Tcpreplay: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/833139 Bug: https://bugs.gentoo.org/836240 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-08.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d5ed53a1fde4bc265745acf50499481a20054a1 commit 5d5ed53a1fde4bc265745acf50499481a20054a1 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-10-16 15:03:41 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 15:03:41 +0000 net-analyzer/tcpreplay: drop 4.3.4, 4.4.1 Bug: https://bugs.gentoo.org/836240 Bug: https://bugs.gentoo.org/833139 Signed-off-by: John Helmert III <ajak@gentoo.org> net-analyzer/tcpreplay/Manifest | 2 - net-analyzer/tcpreplay/tcpreplay-4.3.4.ebuild | 77 ------------------------ net-analyzer/tcpreplay/tcpreplay-4.4.1.ebuild | 87 --------------------------- 3 files changed, 166 deletions(-)
GLSA released, all done!
