CVE-2019-8377 - An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_

CVE-2019-8377

Summary

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

References

Vulnerable Configurations

cpe:2.3:a:broadcom:tcpreplay:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:tcpreplay:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 08-04-2022 - 10:31)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	107085
fedora	FEDORA-2019-7d689dd314 FEDORA-2019-a9c08d4b40 FEDORA-2019-e40253f67e FEDORA-2020-256ac53cc7 FEDORA-2020-f47830961a
misc	https://github.com/appneta/tcpreplay/issues/536 https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/

Last major update

08-04-2022 - 10:31

Published

17-02-2019 - 02:29

Last modified

08-04-2022 - 10:31