Advisories » MGASA-2022-0345

Updated tcpreplay packages fix security vulnerability

Publication date: 26 Sep 2022
Modification date: 26 Sep 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-27939, CVE-2022-27940, CVE-2022-27941, CVE-2022-27942, CVE-2022-28487, CVE-2022-37047, CVE-2022-37048, CVE-2022-37049

Description

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6
in common/get.c. (CVE-2022-27939)

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in
get_ipv6_next in common/get.c. (CVE-2022-27940)

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in
get_l2len_protocol in common/get.c. (CVE-2022-27941)

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls
in common/get.c. (CVE-2022-27942)

Tcpreplay version 4.4.1 contains a memory leakage flaw in the
fix_ipv6_checksums() function. The highest threat from this vulnerability
is to data confidentiality. (CVE-2022-28487)

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a
heap-based buffer overflow in get_ipv6_next at common/get.c:713.
(CVE-2022-37047)

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a
heap-based buffer overflow in get_l2len_protocol at common/get.c:344.
(CVE-2022-37048)

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a
heap-based buffer overflow in parse_mpls at common/get.c:150.
(CVE-2022-37049)
                

References

SRPMS

8/core