MGASA-2020-0437

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0437.html

Import Source

https://advisories.mageia.org/MGASA-2020-0437.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0437

Related

CVE-2020-24265
CVE-2020-24266

Published

2020-11-23T19:51:37Z

Modified

2020-11-23T19:13:42Z

Summary

Updated tcpreplay package fixes security vulnerabilities

Details

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service (CVE-2020-24265).

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service (CVE-2020-24266).

References

https://advisories.mageia.org/MGASA-2020-0437.html
https://bugs.mageia.org/show_bug.cgi?id=27489
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M623ONZKOZL5Y7XQNHKXEPV76XYCPXQM/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0437

Affected packages