{"id":"USN-5205-1","summary":"tcpreplay vulnerabilities","details":"It was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input when processed by tcpprep. An attacker could possibly use\nthis issue to cause a denial of service. This issue only affected\nUbuntu 18.04 ESM. (CVE-2018-13112)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input. An attacker could possibly use this issue to cause a denial\nof service or expose sensitive information. This issue only affected\nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17580, CVE-2018-17582)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input. An attacker could possibly use this issue to cause a denial\nof service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.\n(CVE-2018-17974, CVE-2018-18407)\n\nIt was discovered that a use-after-free existed in Tcpreplay in the tcpbridge\nbinary. An attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-18408)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input. An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM\nand Ubuntu 20.04 ESM. (CVE-2018-20552, CVE-2018-20553)\n\nIt was discovered that a heap-based buffer over-read that existed in Tcpreplay\ncaused an application crash when tcprewrite or tcpreplay-edit received specially\ncrafted packet capture input. An attacker could possibly use this to cause a\ndenial of service or to expose sensitive information. This issue only affected\nUbuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12740)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input when processed by tcpprep. 
An attacker could possibly use\nthis issue to cause a denial of service. This issue only affected\nUbuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-24265, CVE-2020-24266)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input when processed by tcprewrite. An attacker could possibly\nuse this issue to cause a denial of service. This issue only affected Ubuntu\n22.04 ESM. (CVE-2022-27416)\n\nIt was discovered that Tcpreplay did not properly manage memory under certain\ncircumstances. If a user were tricked into opening a specially crafted packet\ncapture file, a remote attacker could possibly use this issue to cause\nTcpreplay to crash, resulting in a denial of service, or possibly read sensitive\ndata. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM and Ubuntu\n22.04 ESM. (CVE-2022-28487)\n","modified":"2026-02-10T04:42:24Z","published":"2022-10-04T11:15:02Z","related":["UBUNTU-CVE-2018-13112","UBUNTU-CVE-2018-17580","UBUNTU-CVE-2018-17582","UBUNTU-CVE-2018-17974","UBUNTU-CVE-2018-18407","UBUNTU-CVE-2018-18408","UBUNTU-CVE-2018-20552","UBUNTU-CVE-2018-20553","UBUNTU-CVE-2020-12740","UBUNTU-CVE-2020-24265","UBUNTU-CVE-2020-24266","UBUNTU-CVE-2022-27416"],"upstream":["CVE-2018-13112","CVE-2018-17580","CVE-2018-17582","CVE-2018-17974","CVE-2018-18407","CVE-2018-18408","CVE-2018-20552","CVE-2018-20553","CVE-2020-12740","CVE-2020-24265","CVE-2020-24266","CVE-2022-27416","CVE-2022-28487","UBUNTU-CVE-2018-13112","UBUNTU-CVE-2018-17580","UBUNTU-CVE-2018-17582","UBUNTU-CVE-2018-17974","UBUNTU-CVE-2018-18407","UBUNTU-CVE-2018-18408","UBUNTU-CVE-2018-20552","UBUNTU-CVE-2018-20553","UBUNTU-CVE-2020-12740","UBUNTU-CVE-2020-24265","UBUNTU-CVE-2020-24266","UBUNTU-CVE-2022-27416","UBUNTU-CVE-2022-28487"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5205-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-13112"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-17580"
},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-17582"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-17974"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-18407"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-18408"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20552"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20553"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-12740"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-24265"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-24266"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-27416"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-28487"}],"affected":[{"package":{"name":"tcpreplay","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/tcpreplay@3.4.4-2+deb8u1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.4-2+deb8u1ubuntu0.1~esm2"}]}],"versions":["3.4.4-2","3.4.4-2+deb8u1build0.16.04.1","3.4.4-2+deb8u1ubuntu0.1~esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_version":"3.4.4-2+deb8u1ubuntu0.1~esm2","binary_name":"tcpreplay"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5205-1.json","cves_map":{"cves":[{"id":"CVE-2018-18408","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2018-20552","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2018-20553","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"tcpreplay","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/tcpreplay@4.2.6-1ubuntu0.1~esm4?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.6-1ubuntu0.1~esm4"}]}],"versions":["4.2.6-1","4.2.6-1ubuntu0.1~esm1","4.2.6-1ubuntu0.1~esm2","4.2.6-1ubuntu0.1~esm3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"4.2.6-1ubuntu0.1~esm4","binary_name":"tcpreplay"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5205-1.json","cves_map":{"cves":[{"id":"CVE-2022-28487","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"tcpreplay","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/tcpreplay@4.3.2-1ubuntu0.1~esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.2-1ubuntu0.1~esm2"}]}],"versions":["4.3.2-1build1","4.3.2-1ubuntu0.1~esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_version":"4.3.2-1ubuntu0.1~esm2","binary_name":"tcpreplay"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5205-1.json","cves_map":{"cves":[{"id":"CVE-2022-28487","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"tcpreplay","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/tcpreplay@4.3.4-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.4-1ubuntu0.1~esm1"}]}],"versions":["4.3.3-2","4.3.4-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"4.3.4-1ubuntu0.1~esm1","binary_name":"tcpreplay"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5205-1.json","cves_map":{"cves":[{"id":"CVE-2022-27416","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-28487","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}}],"schema_version":"1.7.3"}