Wind River Support Network

HomeDefectsLIN9-7558
Fixed

LIN9-7558 : Security Advisory - tcpreplay - CVE-2018-17582

Created: Oct 15, 2018    Updated: Jan 2, 2019
Resolved Date: Nov 12, 2018
Found In Version: 9.0.0.18
Fix Version: 9.0.0.19
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.

https://nvd.nist.gov/vuln/detail/CVE-2018-17582

Other Downloads


CVEs


Live chat
Online