Source: tcpreplay
Version: 4.2.6-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/appneta/tcpreplay/issues/484

Hi,

The following vulnerability was published for tcpreplay.

CVE-2018-17582[0]:
| Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The
| get_next_packet() function in the send_packets.c file uses the memcpy()
| function unsafely to copy sequences from the source buffer pktdata to
| the destination (*prev_packet)->pktdata. This will result in a Denial
| of Service (DoS) and potentially Information Exposure when the
| application attempts to process a file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17582
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17582

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
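
The general pattern behind this class of bug, as an added example (not tcpreplay's code and not the upstream fix): a length read from a capture file is checked against both the bytes actually present in the source and the capacity of the cached copy before memcpy() runs. The names cache_records, cached_pkt, CACHE_MAX and the sample buffers are hypothetical, and the input is assumed to be little-endian pcap records without the global file header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_HDR_LEN 16u  /* pcap record header: ts_sec, ts_usec, incl_len, orig_len */
#define CACHE_MAX   64u  /* hypothetical capacity of the cached copy */

struct cached_pkt { uint32_t len; uint8_t data[CACHE_MAX]; };  /* hypothetical */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the records in buf[0..n) and cache each payload in *slot.
 * Returns the number of packets cached, or -1 on the first record whose
 * claimed length fits neither the bytes present nor the cache slot. */
int cache_records(const uint8_t *buf, size_t n, struct cached_pkt *slot)
{
    size_t off = 0;
    uint32_t incl_len;
    int count = 0;

    while (off < n) {
        if (n - off < REC_HDR_LEN) return -1;        /* truncated record header */
        incl_len = rd_le32(buf + off + 8);           /* length claimed by the file */
        off += REC_HDR_LEN;
        if (incl_len > n - off) return -1;           /* memcpy would over-read src */
        if (incl_len > sizeof slot->data) return -1; /* memcpy would overflow dst */
        memcpy(slot->data, buf + off, incl_len);
        slot->len = incl_len;
        off += incl_len;
        count++;
    }
    return count;
}

/* Constructed sample: one well-formed record carrying 4 payload bytes. */
static const uint8_t sample_good[] = {0,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0,
                                      0xde,0xad,0xbe,0xef};
/* Constructed sample: header claims 0x1000 bytes, only 2 are present. */
static const uint8_t sample_bad[] = {0,0,0,0, 0,0,0,0, 0,0x10,0,0, 0,0x10,0,0,
                                     0x41,0x42};
static struct cached_pkt demo_slot;

int main(void)
{
    printf("good: %d\n", cache_records(sample_good, sizeof sample_good, &demo_slot));
    printf("bad:  %d\n", cache_records(sample_bad, sizeof sample_bad, &demo_slot));
    return 0;
}
```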