CVE-2023-43279
Published 2024-03-12
CVE-2023-43279: Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
Priority: P4 · 28 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 0.67% (47.5th percentile)
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | tcpreplay | — | — |
| broadcom | tcpreplay | >= 0 < 4.5.1-1 | 4.5.1-1 |
| broadcom | tcpreplay | >= 0 < 4.5.1-1 | 4.5.1-1 |
| broadcom | tcpreplay | >= 0 < 3.4.4-2+deb8u1ubuntu0.1~esm3 | 3.4.4-2+deb8u1ubuntu0.1~esm3 |
| broadcom | tcpreplay | >= 0 < 4.2.6-1ubuntu0.1~esm5 | 4.2.6-1ubuntu0.1~esm5 |
| broadcom | tcpreplay | >= 0 < 4.3.2-1ubuntu0.1~esm3 | 4.3.2-1ubuntu0.1~esm3 |
| broadcom | tcpreplay | >= 0 < 4.3.4-1ubuntu0.1~esm2 | 4.3.4-1ubuntu0.1~esm2 |
| broadcom | tcpreplay | >= 0 < 4.4.4-1ubuntu0.1~esm1 | 4.4.4-1ubuntu0.1~esm1 |
| debian | tcpreplay | < tcpreplay 4.5.1-1 (forky) | tcpreplay 4.5.1-1 (forky) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv · 7.5 HIGH
vendor_ubuntu · 7.5 HIGH
vendor_debian · 6.5 LOW
Ubuntu
Tcpreplay vulnerabilities
vendor_ubuntu·2025-01-28·CVSS 7.5
CVE-2023-27783 [HIGH] Tcpreplay vulnerabilities
Title: Tcpreplay vulnerabilities
Summary: Tcpreplay could be made to crash if it received specially crafted input.
It was discovered that Tcpreplay incorrectly handled memory when using the
tcprewrite utility. A remote attacker could possibly use this issue to
cause Tcpreplay to crash, resulting in a denial of service.
(CVE-2023-27783)
It was discovered that Tcpreplay incorrectly validated external input. A
remote attacker could possibly use this issue to cause Tcpreplay to crash,
resulting in a denial of service. (CVE-2023-27784, CVE-2023-27785,
CVE-2023-27786, CVE-2023-27787, CVE-2023-27788, CVE-2023-27789)
It was discovered that Tcpreplay incorrectly handled memory when using the
tcprewrite utility. An attacker could possibly use this issue to cause
Tcpreplay to crash, resulting in
Debian
CVE-2023-43279: tcpreplay - Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 al...
vendor_debian·2023·CVSS 6.5
CVE-2023-43279 [MEDIUM] CVE-2023-43279: tcpreplay - Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 al...
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 4.5.1-1)
sid: resolved (fixed in 4.5.1-1)
trixie: resolved (fixed in 4.5.1-1)
OSV
tcpreplay vulnerabilities
osv·2025-01-28·CVSS 7.5
CVE-2023-27783 [HIGH] tcpreplay vulnerabilities
tcpreplay vulnerabilities
It was discovered that Tcpreplay incorrectly handled memory when using the
tcprewrite utility. A remote attacker could possibly use this issue to
cause Tcpreplay to crash, resulting in a denial of service.
(CVE-2023-27783)
It was discovered that Tcpreplay incorrectly validated external input. A
remote attacker could possibly use this issue to cause Tcpreplay to crash,
resulting in a denial of service. (CVE-2023-27784, CVE-2023-27785,
CVE-2023-27786, CVE-2023-27787, CVE-2023-27788, CVE-2023-27789)
It was discovered that Tcpreplay incorrectly handled memory when using the
tcprewrite utility. An attacker could possibly use this issue to cause
Tcpreplay to crash, resulting in a denial of service. (CVE-2023-4256,
CVE-2023-43279)
GHSA
GHSA-34xc-f3c2-9gxw: Null Pointer Dereference in mask_cidr6 component at cidr
ghsa_unreviewed·2024-03-13
CVE-2023-43279 [MEDIUM] CWE-476 GHSA-34xc-f3c2-9gxw: Null Pointer Dereference in mask_cidr6 component at cidr
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
OSV
CVE-2023-43279: Null Pointer Dereference in mask_cidr6 component at cidr
osv·2024-03-12·CVSS 6.5
CVE-2023-43279 [MEDIUM] CVE-2023-43279: Null Pointer Dereference in mask_cidr6 component at cidr
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/appneta/tcpreplay/issues/824
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/
Published: 2024-03-12