{"id":"MGASA-2022-0345","summary":"Updated tcpreplay packages fix security vulnerability","details":"tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6\nin common/get.c. (CVE-2022-27939)\n\ntcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in\nget_ipv6_next in common/get.c. (CVE-2022-27940)\n\ntcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in\nget_l2len_protocol in common/get.c. (CVE-2022-27941)\n\ntcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls\nin common/get.c. (CVE-2022-27942)\n\nTcpreplay version 4.4.1 contains a memory leakage flaw in\nfix_ipv6_checksums() function. The highest threat from this vulnerability\nis to data confidentiality. (CVE-2022-28487)\n\nThe component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a\nheap-based buffer overflow in get_ipv6_next at common/get.c:713.\n(CVE-2022-37047)\n\nThe component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a\nheap-based buffer overflow in get_l2len_protocol at common/get.c:344.\n(CVE-2022-37048)\n\nThe component tcpprep in Tcpreplay v4.4.1 was discovered to contain a\nheap-based buffer overflow in parse_mpls at common/get.c:150.\n(CVE-2022-37049)\n","modified":"2026-01-31T05:16:30.402994Z","published":"2022-09-26T06:22:36Z","related":["CVE-2022-27939","CVE-2022-27940","CVE-2022-27941","CVE-2022-27942","CVE-2022-28487","CVE-2022-37047","CVE-2022-37048","CVE-2022-37049"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0345.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30822"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/"}],"affected":[{"package":{"name":"tcpreplay","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/tcpreplay?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.2-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0345.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}