CVE-2019-8381
Published: 2019-02-17
Priority P431 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.05% (59.9th percentile)
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | tcpreplay | — | — |
| broadcom | tcpreplay | — | — |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.3-1 | 4.3.3-1 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.3-1 | 4.3.3-1 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.3-1 | 4.3.3-1 |
| broadcom | tcpreplay | >= 0 < 4.3.1-2 | 4.3.1-2 |
| broadcom | tcpreplay | >= 0 < 4.3.3-1 | 4.3.3-1 |
| debian | tcpreplay | < tcpreplay 4.3.3-1 (bookworm) | tcpreplay 4.3.3-1 (bookworm) |
| debian | tcpreplay | < tcpreplay 4.3.1-2 (bookworm) | tcpreplay 4.3.1-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
nvd v3.1: 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd v2.0: 6.8 MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 7.8 HIGH
vendor_debian: 7.8 LOW
GHSA
GHSA-v6p2-879w-fx47: Buffer Overflow in Tcpreplay v4
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-18976 [HIGH] CWE-120 GHSA-v6p2-879w-fx47: Buffer Overflow in Tcpreplay v4
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.
GHSA
GHSA-2rfp-698j-hfvq: An issue was discovered in Tcpreplay 4
ghsa_unreviewed·2022-05-13
CVE-2019-8381 [HIGH] CWE-119 GHSA-2rfp-698j-hfvq: An issue was discovered in Tcpreplay 4
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
OSV
CVE-2020-18976: Buffer Overflow in Tcpreplay v4
osv·2021-08-25·CVSS 7.8
CVE-2020-18976 [HIGH] CVE-2020-18976: Buffer Overflow in Tcpreplay v4
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.
OSV
CVE-2019-8381: An issue was discovered in Tcpreplay 4
osv·2019-02-17·CVSS 7.8
CVE-2019-8381 [HIGH] CVE-2019-8381: An issue was discovered in Tcpreplay 4
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Debian
CVE-2020-18976: tcpreplay - Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Servic...
vendor_debian·2020·CVSS 7.8
CVE-2020-18976 [HIGH] CVE-2020-18976: tcpreplay - Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Servic...
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.
Scope: local
bookworm: resolved (fixed in 4.3.3-1)
bullseye: resolved (fixed in 4.3.3-1)
forky: resolved (fixed in 4.3.3-1)
sid: resolved (fixed in 4.3.3-1)
trixie: resolved (fixed in 4.3.3-1)
Debian
CVE-2019-8381: tcpreplay - An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in d...
vendor_debian·2019·CVSS 7.8
CVE-2019-8381 [HIGH] CVE-2019-8381: tcpreplay - An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in d...
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Scope: local
bookworm: resolved (fixed in 4.3.1-2)
bullseye: resolved (fixed in 4.3.1-2)
forky: resolved (fixed in 4.3.1-2)
sid: resolved (fixed in 4.3.1-2)
trixie: resolved (fixed in 4.3.1-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-8381 tcpreplay: invalid memory access in function do_checksum in checksum.c
bugzilla·2019-02-18·CVSS 7.8
CVE-2019-8381 [HIGH] CVE-2019-8381 tcpreplay: invalid memory access in function do_checksum in checksum.c
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References:
https://github.com/appneta/tcpreplay/issues/538
https://research.loginsoft.com/bugs/invalid-memory-access-vulnerability-in-function-do_checksum-tcpreplay-4-3-1/
Discussion:
Created tcpreplay tracking bugs for this issue:
Affects: fedora-all [bug 1678230]
---
Created tcpreplay tracking bugs for this issue:
Affects: epel-all [bug 1678231]
---
This CVE Bugzilla entry is for community support
Bugzilla
CVE-2019-8381 tcpreplay: invalid memory access in function do_checksum in checksum.c [fedora-all]
bugzilla·2019-02-18·CVSS 7.8
CVE-2019-8381 [HIGH] CVE-2019-8381 tcpreplay: invalid memory access in function do_checksum in checksum.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2019-8381 tcpreplay: invalid memory access in function do_checksum in checksum.c [epel-all]
bugzilla·2019-02-18·CVSS 7.8
CVE-2019-8381 [HIGH] CVE-2019-8381 tcpreplay: invalid memory access in function do_checksum in checksum.c [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple su
https://github.com/appneta/tcpreplay/issues/538
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EB3ASS7URTIA3IFSBL2DIWJAFKTBJCAW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/
https://research.loginsoft.com/bugs/invalid-memory-access-vulnerability-in-function-do_checksum-tcpreplay-4-3-1/
Published: 2019-02-17