ALT-BU-2022-7234-1
Branch sisyphus_e2k update bulletin.
Package tcpreplay updated to version 4.4.2-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-25484
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c.
Modified: 2024-11-21
CVE-2022-27416
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.
Modified: 2024-11-21
CVE-2022-27418
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.
Modified: 2024-11-21
CVE-2022-27939
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
Modified: 2024-11-21
CVE-2022-27940
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
Modified: 2024-11-21
CVE-2022-27941
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
Modified: 2024-11-21
CVE-2022-27942
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
Modified: 2024-11-21
CVE-2022-28487
Tcpreplay version 4.4.1 contains a memory leakage flaw in the fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.
- https://github.com/appneta/tcpreplay/issues/723
- https://github.com/appneta/tcpreplay/pull/720
- FEDORA-2022-47484afa15
- FEDORA-2022-680ea95f71
- FEDORA-2022-d31a521866
- GLSA-202210-08
Modified: 2024-11-21
CVE-2022-37047
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.
Modified: 2024-11-21
CVE-2022-37048
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.
Modified: 2024-11-21
CVE-2022-37049
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.
Package jobe updated to version 1.7.0-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-36642
A vulnerability classified as critical was found in trampgeek jobe up to 1.6.x. It affects the function run_in_sandbox in the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 addresses this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.
- https://github.com/trampgeek/jobe/commit/8f43daf50c943b98eaf0c542da901a4a16e85b02
- https://github.com/trampgeek/jobe/issues/39
- https://github.com/trampgeek/jobe/releases/tag/v1.7.0
- https://vuldb.com/?ctiid.217553
- https://vuldb.com/?id.217553