Candidate: CVE-2019-8377
PublicDate: 2019-02-17 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8377
 https://github.com/appneta/tcpreplay/issues/536
 https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/
Description:
 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference
 occurred in the function get_ipv6_l4proto() located at get.c. This can be
 triggered by sending a crafted pcap file to the tcpreplay-edit binary. It
 allows an attacker to cause a Denial of Service (Segmentation fault) or
 possibly have unspecified other impact.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_tcpreplay:
upstream_tcpreplay: released (4.3.1-2)
precise/esm_tcpreplay: DNE
trusty_tcpreplay: ignored (reached end-of-life)
trusty/esm_tcpreplay: DNE (trusty was needs-triage)
xenial_tcpreplay: ignored (end of standard support, was needed)
bionic_tcpreplay: needed
cosmic_tcpreplay: ignored (reached end-of-life)
disco_tcpreplay: not-affected (4.3.1-2)
eoan_tcpreplay: not-affected (4.3.1-2)
focal_tcpreplay: not-affected (4.3.1-2)
groovy_tcpreplay: not-affected (4.3.1-2)
hirsute_tcpreplay: not-affected (4.3.1-2)
impish_tcpreplay: not-affected (4.3.1-2)
jammy_tcpreplay: not-affected (4.3.1-2)
devel_tcpreplay: not-affected (4.3.1-2)