CVE-2019-8376
Published 2019-02-17
Priority P431 · high · 7.8 · CVSS 3.1
AV:L · AC:L · PR:N · UI:R · S:U · C:H · I:H · A:H
EPSS 1.32% · 67.2th percentile
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | tcpreplay | — | — |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| debian | tcpreplay | < tcpreplay 4.3.1-2 (bookworm) | tcpreplay 4.3.1-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
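| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |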
Debian
CVE-2019-8376: tcpreplay - An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred ...
vendor_debian·2019·CVSS 7.8
Scope: local
bookworm: resolved (fixed in 4.3.1-2)
bullseye: resolved (fixed in 4.3.1-2)
forky: resolved (fixed in 4.3.1-2)
sid: resolved (fixed in 4.3.1-2)
trixie: resolved (fixed in 4.3.1-2)
GHSA
GHSA-ff2p-6rhf-qvm3: An issue was discovered in Tcpreplay 4
ghsa_unreviewed·2022-05-13
CVE-2019-8376 [HIGH] CWE-476
OSV
CVE-2019-8376: An issue was discovered in Tcpreplay 4
osv·2019-02-17·CVSS 7.8
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-8376 tcpreplay: null pointer dereference in function get_layer4_v6() in get.c [epel-all]
bugzilla·2019-02-18·CVSS 7.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2019-8376 tcpreplay: null pointer dereference in function get_layer4_v6() in get.c
bugzilla·2019-02-18·CVSS 7.8
References:
https://github.com/appneta/tcpreplay/issues/537
https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_layer4_v6-tcpreplay-4-3-1/
Discussion:
Created tcpreplay tracking bugs for this issue:
Affects: fedora-all [bug 1678241]
---
Created tcpreplay tracking bugs for this issue:
Affects: epel-all [bug 1678242]
---
This CVE Bugzil
Bugzilla
CVE-2019-8376 tcpreplay: null pointer dereference in function get_layer4_v6() in get.c [fedora-all]
bugzilla·2019-02-18·CVSS 7.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multi
http://www.securityfocus.com/bid/107085
https://github.com/appneta/tcpreplay/issues/537
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EB3ASS7URTIA3IFSBL2DIWJAFKTBJCAW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/
https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_layer4_v6-tcpreplay-4-3-1/
Published: 2019-02-17