Source: tcpreplay
Version: 4.2.6-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/appneta/tcpreplay/issues/488

Hi,

The following vulnerability was published for tcpreplay.

CVE-2018-18407[0]:
| A heap-based buffer over-read was discovered in the tcpreplay-edit
| binary of Tcpreplay 4.3.0 beta1, during the incremental checksum
| operation. The issue gets triggered in the function csum_replace4() in
| incremental_checksum.h, causing a denial of service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-18407
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18407
[1] https://github.com/appneta/tcpreplay/issues/488
[2] https://github.com/appneta/tcpreplay/pull/496

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to