Unfortunately this issue got reopened rather than having the a new issue being opened. I considered original bugs being fixed in 4.3.1 by preventing invalid data from reaching the functions. The author of the issue took exception to the fact that the function in question didn’t have safeguards adding to address potential issues in the future should there be regression.
The latest updates in 4.3.3 safeguards against future issues by additional checks in the functions rather than simply preventing bad data from reaching the functions. Regards, Fred. > On Jun 12, 2020, at 10:52 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > > Hi Christoph, > > On Fri, Dec 28, 2018 at 10:12:14PM +0100, Salvatore Bonaccorso wrote: >> Source: tcpreplay >> Version: 4.2.6-1 >> Severity: important >> Tags: security upstream >> Forwarded: https://github.com/appneta/tcpreplay/issues/530 >> >> Hi, >> >> The following vulnerabilities were published for tcpreplay. >> >> CVE-2018-20552[0]: >> | Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree >> | in tree.c. >> >> CVE-2018-20553[1]: >> | Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len >> | in common/get.c. >> >> Unless I'm completely mistaken, I think the issues are at least >> present in 4.2.6, but please double check to be on safe side. >> >> If you fix the vulnerabilities please also make sure to include the >> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. >> >> For further information see: >> >> [0] https://security-tracker.debian.org/tracker/CVE-2018-20552 >> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20552 >> [1] https://security-tracker.debian.org/tracker/CVE-2018-20553 >> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20553 >> [2] https://github.com/appneta/tcpreplay/issues/530 >> >> Please adjust the affected versions in the BTS as needed. > > Reopened this bug report, as it looks from upstream discussion in > https://github.com/appneta/tcpreplay/issues/530#issuecomment-480219130 > and following that the fixes were not correct. > > Regards, > Salvatore >
