A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
CPE | Name | Operator | Version |
---|---|---|---|
tcpreplay | eq | 4.0.4 | |
tcpreplay | eq | 4.1.0beta2 | |
tcpreplay | eq | 4.2.5 | |
tcpreplay | eq | 4.1.0 | |
tcpreplay | eq | 4.0.0 | |
tcpreplay | eq | 4.2.3 | |
tcpreplay | eq | 4.3.0-beta1 | |
tcpreplay | eq | 4.1.1-beta2 | |
tcpreplay | eq | 4.2.0-beta1 | |
tcpreplay | eq | 4.0.1 |
github.com/appneta/tcpreplay/issues/489
github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#use-after-free-in-post_args
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/