Candidate: CVE-2018-18408
PublicDate: 2018-10-17 04:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18408
 https://github.com/appneta/tcpreplay/issues/489
 https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#use-after-free-in-post_args
Description:
 A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0
 beta1. The issue gets triggered in the function post_args() at tcpbridge.c,
 causing a denial of service or possibly unspecified other impact.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_tcpreplay:
 upstream: https://github.com/appneta/tcpreplay/pull/497/commits/59dc76a1d641b1a6b22fd7cd409bee6e0a015616
upstream_tcpreplay: released (4.3.0)
precise/esm_tcpreplay: DNE
trusty_tcpreplay: ignored (reached end-of-life)
trusty/esm_tcpreplay: DNE (trusty was needed)
xenial_tcpreplay: ignored (end of standard support, was needed)
bionic_tcpreplay: needed
cosmic_tcpreplay: ignored (reached end-of-life)
disco_tcpreplay: not-affected (4.3.1-2)
eoan_tcpreplay: ignored (reached end-of-life)
focal_tcpreplay: not-affected (4.3.2-1build1)
groovy_tcpreplay: ignored (reached end-of-life)
hirsute_tcpreplay: not-affected (4.3.3-2)
impish_tcpreplay: not-affected (4.3.3-2)
jammy_tcpreplay: not-affected
devel_tcpreplay: not-affected