Register | Log in

tcpreplay

Tool to replay saved tcpdump files at arbitrary speeds

Choose email to subscribe with

general

source: tcpreplay (main)
version: 4.3.2-1
maintainer: Christoph Biedl (DMD)
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.4.4-2+deb8u1
oldstable: 3.4.4-3
stable: 4.3.1-1
testing: 4.3.2-1
unstable: 4.3.2-1

versioned links

3.4.4-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.4.4-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.3.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

tcpreplay

action needed

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2018-13112: get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
CVE-2018-17580: A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
CVE-2018-20553: Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.
CVE-2018-17974: An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
CVE-2018-20552: Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
CVE-2018-18407: A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.
CVE-2018-17582: Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.
CVE-2018-18408: A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.

Please fix them.

Created: 2018-07-04 Last update: 2019-08-01 05:38

8 ignored security issues in stretch low

There are 8 open security issues in stretch.

8 issues skipped by the security teams:

CVE-2018-13112: get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
CVE-2018-17580: A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
CVE-2018-20553: Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.
CVE-2018-17974: An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
CVE-2018-20552: Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
CVE-2018-18407: A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.
CVE-2018-17582: Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.
CVE-2018-18408: A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.

Please fix them.

Created: 2018-07-04 Last update: 2019-08-01 05:38

news

[2019-08-01] tcpreplay 4.3.2-1 MIGRATED to testing (Debian testing watch)
[2019-07-26] Accepted tcpreplay 4.3.2-1 (source) into unstable (Christoph Biedl)
[2019-07-09] tcpreplay 4.3.1-2 MIGRATED to testing (Debian testing watch)
[2019-03-13] Accepted tcpreplay 4.3.1-2 (source) into unstable (Christoph Biedl)
[2019-02-22] tcpreplay 4.3.1-1 MIGRATED to testing (Debian testing watch)
[2019-02-12] Accepted tcpreplay 4.3.1-1 (source) into unstable (Christoph Biedl)
[2017-08-07] tcpreplay 4.2.6-1 MIGRATED to testing (Debian testing watch)
[2017-08-02] Accepted tcpreplay 4.2.6-1 (source armel) into unstable (Christoph Biedl)
[2017-06-20] tcpreplay 4.2.5-1 MIGRATED to testing (Debian testing watch)
[2017-05-16] Accepted tcpreplay 4.2.6-1~exp1 (source powerpc) into experimental (Christoph Biedl)
[2017-05-09] Accepted tcpreplay 4.2.5-1 (source powerpc) into unstable (Christoph Biedl)
[2017-04-30] Accepted tcpreplay 4.2.4-1 (source powerpc) into unstable (Christoph Biedl)
[2016-07-09] tcpreplay 3.4.4-3 MIGRATED to testing (Debian testing watch)
[2016-07-08] Accepted tcpreplay 3.4.4-2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Christoph Biedl) (signed by: Salvatore Bonaccorso)
[2016-07-07] Accepted tcpreplay 3.4.3-2+wheezy2 (source amd64) into oldstable (signed by: Salvatore Bonaccorso)
[2016-07-03] Accepted tcpreplay 3.4.4-3 (source amd64) into unstable (Noël Köthe) (signed by: Noèl Köthe)
[2013-05-05] tcpreplay 3.4.4-2 MIGRATED to testing (Debian testing watch)
[2012-07-16] tcpreplay 3.4.3-2+wheezy1 MIGRATED to testing (Debian testing watch)
[2012-07-13] Accepted tcpreplay 3.4.3-2+wheezy1 (source amd64) (Noël Köthe) (signed by: Noèl Köthe)
[2012-07-07] Accepted tcpreplay 3.4.4-2 (source amd64) (Noël Köthe) (signed by: Noèl Köthe)
[2012-07-06] Accepted tcpreplay 3.4.4-1 (source amd64) (Noël Köthe) (signed by: Noèl Köthe)
[2009-08-06] tcpreplay 3.4.3-2 MIGRATED to testing (Debian testing watch)
[2009-07-25] Accepted tcpreplay 3.4.3-2 (source amd64) (Noèl Köthe)
[2009-07-09] tcpreplay 3.4.3-1 MIGRATED to testing (Debian testing watch)
[2009-06-26] Accepted tcpreplay 3.4.3-1 (source amd64) (Noèl Köthe)
[2009-03-04] tcpreplay 3.4.1-1 MIGRATED to testing (Debian testing watch)
[2009-02-21] Accepted tcpreplay 3.4.1-1 (source amd64) (Noèl Köthe)
[2009-02-16] tcpreplay 3.3.2-1 MIGRATED to testing (Debian testing watch)
[2008-11-15] Accepted tcpreplay 3.3.2-1 (source amd64) (Noèl Köthe)
[2008-06-02] tcpreplay 3.3.1-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.3.2-1build1
1 bug (1 patch)

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing