Candidate: CVE-2018-17580
PublicDate: 2018-09-28 09:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17580
 https://github.com/appneta/tcpreplay/issues/485
 https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay
Description:
 A heap-based buffer over-read exists in the function fast_edit_packet() in
 the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial
 of Service (DoS) and potentially Information Exposure when the application
 attempts to process a crafted pcap file.
Ubuntu-Description:
Notes:
 ccdm94> same fix as CVE-2020-17582
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H [7.1 HIGH]


Patches_tcpreplay:
 upstream: https://github.com/appneta/tcpreplay/pull/491/commits/68f67b1a3a4d319543692afb5bd5b191ec984287
upstream_tcpreplay: released (4.3.0)
precise/esm_tcpreplay: DNE
trusty_tcpreplay: ignored (reached end-of-life)
trusty/esm_tcpreplay: DNE (trusty was needed)
xenial_tcpreplay: ignored (end of standard support, was needed)
bionic_tcpreplay: needed
cosmic_tcpreplay: ignored (reached end-of-life)
disco_tcpreplay: not-affected (4.3.1-2)
eoan_tcpreplay: ignored (reached end-of-life)
focal_tcpreplay: not-affected (4.3.2-1build1)
groovy_tcpreplay: ignored (reached end-of-life)
hirsute_tcpreplay: not-affected (4.3.3-2)
impish_tcpreplay: not-affected (4.3.3-2)
jammy_tcpreplay: not-affected
devel_tcpreplay: not-affected