Source: tcpreplay
Version: 4.2.6-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/appneta/tcpreplay/issues/477

Hi,

The following vulnerability was published for tcpreplay.

CVE-2018-13112[0]:
| get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows remote
| attackers to cause a denial of service (heap-based buffer over-read and
| application crash) via crafted packets, as demonstrated by tcpprep.

It's verifiable as well with the upstream attached poc and an ASAN build
of tcpreplay.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-13112
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13112
[1] https://github.com/appneta/tcpreplay/issues/477

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

