USN-7231-1: Tcpreplay vulnerabilities
Ubuntu DesktopCanonical
Update from:USN-7231-1: Tcpreplay vulnerabilities
28 January 2025
Tcpreplay could be made to crash if it received specially crafted input.
Releases
Ubuntu 24.04 LTS Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM
Packages
tcpreplay - Tool to replay saved tcpdump files at arbitrary speeds
Details
It was discovered that Tcpreplay incorrectly handled memory when using the
tcprewrite utility. A remote attacker could possibly use this issue to
cause Tcpreplay to crash, resulting in a denial of service.
(CVE-2023-27783)
It was discovered that Tcpreplay incorrectly validated external input. A
remote attacker could possibly use this issue to cause Tcpreplay to crash,
resulting in a denial of service. (CVE-2023-27784, CVE-2023-27785,
CVE-2023-27786, CVE-2023-27787, CVE-2023-27788, CVE-2023-27789)
It was discovered that Tcpreplay incorrectly handled memory when using the
tcprewrite utility. An attacker could possibly use this issue to cause
Tcpreplay to crash, resulting in a denial of service. (CVE-2023-4256,
CVE-2023-43279)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
- tcpreplay - 4.4.4-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 - tcpreplay - 4.3.4-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 20.04 - tcpreplay - 4.3.2-1ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 18.04 - tcpreplay - 4.2.6-1ubuntu0.1~esm5
Available with Ubuntu Pro
Ubuntu 16.04 - tcpreplay - 3.4.4-2+deb8u1ubuntu0.1~esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
