Advisories ยป MGASA-2023-0188

Updated tcpreplay packages fix security vulnerability

Publication date: 31 May 2023
Modification date: 31 May 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-27783 , CVE-2023-27784 , CVE-2023-27785 , CVE-2023-27786 , CVE-2023-27787 , CVE-2023-27788 , CVE-2023-27789

Description

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to
cause a denial of service via the tcpedit_dlt_cleanup function at
plugins/dlt_plugins.c. (CVE-2023-27783)

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a
denial of service via the read_hexstring function at the utils.c:309
endpoint. (CVE-2023-27784)

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to
cause a denial of service via the parse endpoints function.
(CVE-2023-27785)

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a
denial of service via the macinstring function. (CVE-2023-27786)

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a
denial of service via the parse_list function at the list.c:81 endpoint.
(CVE-2023-27787)

An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a
denial of service via the ports2PORT function at the portmap.c:69
endpoint. (CVE-2023-27788)

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a
denial of service via the cidr2cidr function at the cidr.c:178 endpoint.
(CVE-2023-27789)

References

SRPMS

8/core