CVE-2022-28487: 
NixOS vulnerability analysis and mitigation

CVE-2022-28487 is a memory leakage vulnerability discovered in Tcpreplay version 4.4.1, specifically affecting the fixipv6checksums() function. The vulnerability was identified in March 2022 and primarily impacts the data confidentiality aspect of the software (NVD, GitHub Issue).

The vulnerability is classified as a memory leakage flaw (CWE-401: Missing Release of Memory after Effective Lifetime) in the fixipv6checksums() function. It received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with no required privileges or user interaction (NVD).

The primary impact of this vulnerability is on data confidentiality, with the highest threat being potential exposure of sensitive information through memory leaks. The vulnerability affects the handling of IPv6 checksums in the application, which could lead to information disclosure (NVD).

The vulnerability was addressed in Tcpreplay version 4.4.2. Users are advised to upgrade to this version or later to mitigate the risk. Multiple distributions have released security updates, including Fedora and Gentoo, to address this vulnerability (Fedora Update, Gentoo Advisory).