CVE-2019-8377
published 2019-02-17
CVE-2019-8377: An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by…
Priority P431 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.32% (67.2th percentile)
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | tcpreplay | — | — |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| debian | tcpreplay | < tcpreplay 4.3.1-2 (bookworm) | tcpreplay 4.3.1-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
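| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |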
Debian
CVE-2019-8377: tcpreplay - An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred ...
vendor_debian·2019·CVSS 7.8
Scope: local
bookworm: resolved (fixed in 4.3.1-2)
bullseye: resolved (fixed in 4.3.1-2)
forky: resolved (fixed in 4.3.1-2)
sid: resolved (fixed in 4.3.1-2)
trixie: resolved (fixed in 4.3.1-2)
GHSA
GHSA-4w4c-cf9c-3rj3: An issue was discovered in Tcpreplay 4
ghsa_unreviewed·2022-05-13
CVE-2019-8377 [HIGH] CWE-476 GHSA-4w4c-cf9c-3rj3: An issue was discovered in Tcpreplay 4
OSV
CVE-2019-8377: An issue was discovered in Tcpreplay 4
osv·2019-02-17·CVSS 7.8
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-8377 tcpreplay: null pointer dereference in function get_ipv6_l4proto() in get.c
bugzilla·2019-02-18·CVSS 7.8
References:
https://github.com/appneta/tcpreplay/issues/536
https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/
Discussion:
Created tcpreplay tracking bugs for this issue:
Affects: fedora-all [bug 1678244]
---
Created tcpreplay tracking bugs for this issue:
Affects: epel-all [bug 1678246]
---
This C
Bugzilla
CVE-2019-8377 tcpreplay: null pointer dereference in function get_ipv6_l4proto() in get.c [epel-all]
bugzilla·2019-02-18·CVSS 7.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2019-8377 tcpreplay: null pointer dereference in function get_ipv6_l4proto() in get.c [fedora-all]
bugzilla·2019-02-18·CVSS 7.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mu
References:
http://www.securityfocus.com/bid/107085
https://github.com/appneta/tcpreplay/issues/536
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4YAT4AGTHQKB74ETOQPJMV67TSDIAPOC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EB3ASS7URTIA3IFSBL2DIWJAFKTBJCAW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UOSEIQ3D2OONCJEVMGC2TYBC2QX4E5EJ/
https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/