Advisories » MGASA-2024-0305

Updated tcpreplay package fix security vulnerability

Publication date: 16 Sep 2024
Modification date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-3024

Description

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been
classified as problematic. This affects the function get_layer4_v6 of
the file /tcpreplay/src/common/get.c. The manipulation leads to
heap-based buffer overflow. Attacking locally is a requirement. The
exploit has been disclosed to the public and may be used. The identifier
VDB-258333 was assigned to this vulnerability. NOTE: The vendor was
contacted early about this disclosure but did not respond in any way.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33432
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4BWGIIYEAY4GRICOGIWO26TNMKVEV62/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3024

SRPMS

9/core

• tcpreplay-4.5.1-1.mga9