usn-5205-1
Vulnerability from osv_ubuntu
It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-13112)
It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17580, CVE-2018-17582)
It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17974, CVE-2018-18407)
It was discovered that a use-after-free existed in Tcpreplay in the tcpbridge binary. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-18408)
It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2018-20552, CVE-2018-20553)
It was discovered that a heap-based buffer over-read that existed in Tcpreplay caused an application crash when tcprewrite or tcpreplay-edit received specially crafted packet capture input. An attacker could possibly use this to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12740)
It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-24265, CVE-2020-24266)
It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcprewrite. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 ESM. (CVE-2022-27416)
It was discovered that Tcpreplay did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted packet capture file, a remote attacker could possibly use this issue to cause Tcpreplay crash, resulting in a denial of service, or possibly read sensitive data. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-28487)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2018-18408",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-20552",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-20553",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "tcpreplay",
"binary_version": "3.4.4-2+deb8u1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "tcpreplay",
"purl": "pkg:deb/ubuntu/tcpreplay@3.4.4-2+deb8u1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.4-2+deb8u1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.4-2",
"3.4.4-2+deb8u1build0.16.04.1",
"3.4.4-2+deb8u1ubuntu0.1~esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-28487",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "tcpreplay",
"binary_version": "4.2.6-1ubuntu0.1~esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "tcpreplay",
"purl": "pkg:deb/ubuntu/tcpreplay@4.2.6-1ubuntu0.1~esm4?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.6-1ubuntu0.1~esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.6-1",
"4.2.6-1ubuntu0.1~esm1",
"4.2.6-1ubuntu0.1~esm2",
"4.2.6-1ubuntu0.1~esm3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-28487",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "tcpreplay",
"binary_version": "4.3.2-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "tcpreplay",
"purl": "pkg:deb/ubuntu/tcpreplay@4.3.2-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.2-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.2-1build1",
"4.3.2-1ubuntu0.1~esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-27416",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-28487",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "tcpreplay",
"binary_version": "4.3.4-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "tcpreplay",
"purl": "pkg:deb/ubuntu/tcpreplay@4.3.4-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.4-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.3-2",
"4.3.4-1"
]
}
],
"aliases": [],
"details": "It was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input when processed by tcpprep. An attacker could possibly use\nthis issue to cause a denial of service. This issue only affected\nUbuntu 18.04 ESM. (CVE-2018-13112)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input. An attacker could possibly use this issue to cause a denial\nof service or expose sensitive information. This issue only affected\nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17580, CVE-2018-17582)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input. An attacker could possibly use this issue to cause a denial\nof service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.\n(CVE-2018-17974, CVE-2018-18407)\n\nIt was discovered that a use-after-free existed in Tcpreplay in the tcpbridge\nbinary. An attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-18408)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input. An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM\nand Ubuntu 20.04 ESM. (CVE-2018-20552, CVE-2018-20553)\n\nIt was discovered that a heap-based buffer over-read that existed in Tcpreplay\ncaused an application crash when tcprewrite or tcpreplay-edit received specially\ncrafted packet capture input. An attacker could possibly use this to cause a\ndenial of service or to expose sensitive information. This issue only affected\nUbuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12740)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input when processed by tcpprep. An attacker could possibly use\nthis issue to cause a denial of service. This issue only affected\nUbuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-24265, CVE-2020-24266)\n\nIt was discovered that Tcpreplay incorrectly handled certain specially crafted\npacket capture input when processed by tcprewrite. An attacker could possibly\nuse this issue to cause a denial of service. This issue only affected Ubuntu\n22.04 ESM. (CVE-2022-27416)\n\nIt was discovered that Tcpreplay did not properly manage memory under certain\ncircumstances. If a user were tricked into opening a specially crafted packet\ncapture file, a remote attacker could possibly use this issue to cause\nTcpreplay crash, resulting in a denial of service, or possibly read sensitive\ndata. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM and Ubuntu\n22.04 ESM. (CVE-2022-28487)\n",
"id": "USN-5205-1",
"modified": "2026-06-25T10:46:03Z",
"published": "2022-10-04T11:15:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5205-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-13112"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-17580"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-17582"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-17974"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-18407"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-18408"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-20552"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-20553"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-12740"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-24265"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-24266"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-27416"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-28487"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "tcpreplay vulnerabilities",
"upstream": [
"UBUNTU-CVE-2018-13112",
"UBUNTU-CVE-2018-17580",
"UBUNTU-CVE-2018-17582",
"UBUNTU-CVE-2018-17974",
"UBUNTU-CVE-2018-18407",
"UBUNTU-CVE-2018-18408",
"UBUNTU-CVE-2018-20552",
"UBUNTU-CVE-2018-20553",
"UBUNTU-CVE-2020-12740",
"UBUNTU-CVE-2020-24265",
"UBUNTU-CVE-2020-24266",
"UBUNTU-CVE-2022-27416",
"UBUNTU-CVE-2022-28487"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.