USN-5205-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-5205-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5205-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5205-1
Upstream
Related
Published
2022-10-04T11:15:02.361843Z
Modified
2025-10-13T04:35:42Z
Summary
tcpreplay vulnerabilities
Details

It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-13112)

It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17580, CVE-2018-17582)

It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17974, CVE-2018-18407)

It was discovered that a use-after-free existed in Tcpreplay in the tcpbridge binary. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-18408)

It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2018-20552, CVE-2018-20553)

It was discovered that a heap-based buffer over-read that existed in Tcpreplay caused an application crash when tcprewrite or tcpreplay-edit received specially crafted packet capture input. An attacker could possibly use this to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12740)

It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-24265, CVE-2020-24266)

It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcprewrite. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 ESM. (CVE-2022-27416)

It was discovered that Tcpreplay did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted packet capture file, a remote attacker could possibly use this issue to cause Tcpreplay crash, resulting in a denial of service, or possibly read sensitive data. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-28487)

References

Affected packages

Ubuntu:Pro:16.04:LTS / tcpreplay

Package

Name
tcpreplay
Purl
pkg:deb/ubuntu/tcpreplay@3.4.4-2+deb8u1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.4-2+deb8u1ubuntu0.1~esm2

Affected versions

3.*

3.4.4-2
3.4.4-2+deb8u1build0.16.04.1
3.4.4-2+deb8u1ubuntu0.1~esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "3.4.4-2+deb8u1ubuntu0.1~esm2",
            "binary_name": "tcpreplay"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific 

{
    "cves_map": {
        "cves": [
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "medium",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2018-18408"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "low",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2018-20552"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "low",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2018-20553"
            }
        ],
        "ecosystem": "Ubuntu:Pro:16.04:LTS"
    }
}

Ubuntu:Pro:18.04:LTS / tcpreplay

Package

Name
tcpreplay
Purl
pkg:deb/ubuntu/tcpreplay@4.2.6-1ubuntu0.1~esm4?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.6-1ubuntu0.1~esm4

Affected versions

4.*

4.2.6-1
4.2.6-1ubuntu0.1~esm1
4.2.6-1ubuntu0.1~esm2
4.2.6-1ubuntu0.1~esm3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "4.2.6-1ubuntu0.1~esm4",
            "binary_name": "tcpreplay"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific 

{
    "cves_map": {
        "cves": [
            {
                "severity": [
                    {
                        "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "medium",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2022-28487"
            }
        ],
        "ecosystem": "Ubuntu:Pro:18.04:LTS"
    }
}

Ubuntu:Pro:20.04:LTS / tcpreplay

Package

Name
tcpreplay
Purl
pkg:deb/ubuntu/tcpreplay@4.3.2-1ubuntu0.1~esm2?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.2-1ubuntu0.1~esm2

Affected versions

4.*

4.3.2-1build1
4.3.2-1ubuntu0.1~esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "4.3.2-1ubuntu0.1~esm2",
            "binary_name": "tcpreplay"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific 

{
    "cves_map": {
        "cves": [
            {
                "severity": [
                    {
                        "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "medium",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2022-28487"
            }
        ],
        "ecosystem": "Ubuntu:Pro:20.04:LTS"
    }
}

Ubuntu:Pro:22.04:LTS / tcpreplay

Package

Name
tcpreplay
Purl
pkg:deb/ubuntu/tcpreplay@4.3.4-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.4-1ubuntu0.1~esm1

Affected versions

4.*

4.3.3-2
4.3.4-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "4.3.4-1ubuntu0.1~esm1",
            "binary_name": "tcpreplay"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific 

{
    "cves_map": {
        "cves": [
            {
                "severity": [
                    {
                        "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "medium",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2022-27416"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "medium",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2022-28487"
            }
        ],
        "ecosystem": "Ubuntu:Pro:22.04:LTS"
    }
}