dc5c8acd86
This fixes the following vulnerabilities:
- CVE-2023-4256:
Within tcpreplay's tcprewrite, a double free vulnerability has been
identified in the tcpedit_dlt_cleanup() function within
plugins/dlt_plugins.c. This vulnerability can be exploited by
supplying a specifically crafted file to the tcprewrite binary. This
flaw enables a local attacker to initiate a Denial of Service (DoS)
attack.
https://www.cve.org/CVERecord?id=CVE-2023-4256
- CVE-2023-43279:
Null Pointer Dereference in mask_cidr6 component at cidr.c in
Tcpreplay 4.4.4 allows attackers to crash the application via crafted
tcprewrite command.
https://www.cve.org/CVERecord?id=CVE-2023-43279
- CVE-2024-22654:
tcpreplay v4.4.4 was discovered to contain an infinite loop via the
tcprewrite function at get.c.
https://www.cve.org/CVERecord?id=CVE-2024-22654
See the release notes:
https://github.com/appneta/tcpreplay/releases/tag/v4.5.1
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 31619696b9)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>