MGASA-2019-0158

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0158.html

Import Source

https://advisories.mageia.org/MGASA-2019-0158.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0158

Related

Published

2019-05-12T09:35:33Z

Modified

2019-05-12T08:59:45Z

Summary

Updated tcpreplay packages fixes security vulnerabilities

Details

Updated tcpreplay package fixes security vulnerabilities:

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function getlayer4v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact (CVE-2019-8376).

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function getipv6l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact (CVE-2019-8377).

An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact (CVE-2019-8381).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / tcpreplay

Package

Name: tcpreplay
Purl: pkg:rpm/mageia/tcpreplay?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.2-1.mga6

Ecosystem specific

{
    "section": "core"
}