Source: tcpreplay
Version: 4.2.6-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/appneta/tcpreplay/issues/530

Hi,

The following vulnerabilities were published for tcpreplay.

CVE-2018-20552[0]:
| Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree
| in tree.c.

CVE-2018-20553[1]:
| Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len
| in common/get.c.

Unless I'm completely mistaken, I think the issues are at least
present in 4.2.6, but please double check to be on the safe side.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20552
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20552
[1] https://security-tracker.debian.org/tracker/CVE-2018-20553
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20553
[2] https://github.com/appneta/tcpreplay/issues/530

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore