CVE-2019-8376 - An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_

CVE-2019-8376

Summary

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

References

Vulnerable Configurations

cpe:2.3:a:broadcom:tcpreplay:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:tcpreplay:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 08-04-2022 - 10:30)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	107085
fedora	FEDORA-2019-7d689dd314 FEDORA-2019-a9c08d4b40 FEDORA-2019-e40253f67e
misc	https://github.com/appneta/tcpreplay/issues/537 https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_layer4_v6-tcpreplay-4-3-1/

Last major update

08-04-2022 - 10:30

Published

17-02-2019 - 02:29

Last modified

08-04-2022 - 10:30