Mageia: 2019-0094 Critical: Tcpreplay DoS Issues Addressed

mageia

February 20, 2019

An issue was discovered in Tcpreplay 4.3.0 beta1

Summary

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service. (CVE-2018-17974)
A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file. (CVE-2018-17580)
Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=24148

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5UTDLO275Z67H3IN6UL57U6OAI4R3G5I/

- https://www.cve.org/CVERecord?id=CVE-2018-17974

- https://www.cve.org/CVERecord?id=CVE-2018-17580

- https://www.cve.org/CVERecord?id=CVE-2018-17582

- https://www.cve.org/CVERecord?id=CVE-2018-18407

- https://www.cve.org/CVERecord?id=CVE-2018-18408

Topics Covered

security advisory security issue critical DoS heap over-read Mageia tcpreplay

Resolution

SRPMS

- 6/core/tcpreplay-4.3.1-1.mga6

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 20 Feb 2019

URL: https://advisories.mageia.org/MGASA-2019-0094.html

Type: security

CVE: CVE-2018-17974, CVE-2018-17580, CVE-2018-17582, CVE-2018-18407, CVE-2018-18408

Topics Covered

security advisory security issue critical DoS heap over-read Mageia tcpreplay

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2019-0094 Critical: Tcpreplay DoS Issues Addressed

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2019-0094 Critical: Tcpreplay DoS Issues Addressed

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!