openSUSE Build Service

Security update for tcpreplay

This update for tcpreplay fixes the following issues:

- update to 4.5.2:
* features added since 4.4.4
- fix/recalculate header checksum for ipv6-frag
- IPv6 frag checksum support
- AF_XDP socket support
- tcpreplay -w (write into a pcap file)
- tcpreaplay --fixhdrlen
- --include and --exclude options
- SLL2 support
- Haiku support
* security fixes reported for 4.4.4 fixed in 4.5.2
- CVE-2023-4256 / boo#1218249
- CVE-2023-43279 / boo#1221324
- CVE-2024-3024 / boo#1222131 (likely)
- CVE-2024-22654 / boo#1243845
- CVE-2025-9157 / boo#1248322
- CVE-2025-9384 / boo#1248595
- CVE-2025-9385 / boo#1248596
- CVE-2025-9386 / boo#1248597
- CVE-2025-9649 / boo#1248964
- CVE-2025-51006 / boo#1250356
- see https://github.com/appneta/tcpreplay/compare/v4.4.4...v4.5.2
for full changelog
- security fix for CVE-2025-8746 / boo#1247919

Submitted by Michal Kubeček (mkubecek)

Fixed bugs

VUL-0: CVE-2025-9384: A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible w ...

bnc#1250356

VUL-0: CVE-2025-51006: tcpreplay: double free in tcprewrite via a crafted pcap file

bnc#1221324

VUL-0: CVE-2023-43279: tcpreplay: null pointer dereference in mask_cidr6 component at cidr.c

bnc#1247919

VUL-0: CVE-2025-8746: tcpreplay: autogen: improper input validation and memory bounds checking when processing certain malformed configuration files

bnc#1248964

VUL-0: CVE-2025-9649: tcpreplay: division-by-zero in the `calc_sleep_time` function of file send_packets.c when processing malformed PPS parameters

bnc#1218249

VUL-0: CVE-2023-4256: tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c

bnc#1248596

VUL-0: CVE-2025-9385: A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restri ...

bnc#1243845

VUL-0: CVE-2024-22654: tcpreplay: Infinite loop in tcpreplay with malformed ipv6 headers

bnc#1248322

VUL-0: CVE-2025-9157: tcpreplay: The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite.

bnc#1222131

VUL-0: CVE-2024-3024: tcpreplay: heap-based buffer overflow

bnc#1248597

VUL-0: CVE-2025-9386: A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must b ...

Places

Fixed bugs

Selected Binaries

Places