Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia: 2022-0345 Moderate: Tcpreplay Memory Leak and Overflow

mageia
Calendar Grey September 26, 2022
Dist Mageia Esm H88
The recent tcpreplay patch addresses crucial vulnerabilities in Ubuntu, bolstering data security.
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c

Summary

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. (CVE-2022-27939)
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. (CVE-2022-27940)
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. (CVE-2022-27941)
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. (CVE-2022-27942)
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. (CVE-2022-28487)
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. (CVE-2022-37047)
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. (CVE-2022-37048)
The component tcpprep in Tcpreplay v4.4.1 was discover...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30822

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/

- https://www.cve.org/CVERecord?id=CVE-2022-27939

- https://www.cve.org/CVERecord?id=CVE-2022-27940

- https://www.cve.org/CVERecord?id=CVE-2022-27941

- https://www.cve.org/CVERecord?id=CVE-2022-27942

- https://www.cve.org/CVERecord?id=CVE-2022-28487

- https://www.cve.org/CVERecord?id=CVE-2022-37047

- https://www.cve.org/CVERecord?id=CVE-2022-37048

- https://www.cve.org/CVERecord?id=CVE-2022-37049

Topics%20covered

Topics Covered

security advisory moderate buffer overflow memory leak data confidentiality Mageia tcpreplay

Resolution

SRPMS

- 8/core/tcpreplay-4.4.2-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 26 Sep 2022
URL: https://advisories.mageia.org/MGASA-2022-0345.html
Type: security
CVE: CVE-2022-27939, CVE-2022-27940, CVE-2022-27941, CVE-2022-27942, CVE-2022-28487, CVE-2022-37047, CVE-2022-37048, CVE-2022-37049

Topics%20covered

Topics Covered

security advisory moderate buffer overflow memory leak data confidentiality Mageia tcpreplay

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here