Candidate: CVE-2019-8381
PublicDate: 2019-02-17 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8381
 https://github.com/appneta/tcpreplay/issues/538
 https://research.loginsoft.com/bugs/invalid-memory-access-vulnerability-in-function-do_checksum-tcpreplay-4-3-1/
Description:
 An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs
 in do_checksum in checksum.c. It can be triggered by sending a crafted pcap
 file to the tcpreplay-edit binary. It allows an attacker to cause a Denial
 of Service (Segmentation fault) or possibly have unspecified other impact.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_tcpreplay:
upstream_tcpreplay: released (4.3.1-2)
precise/esm_tcpreplay: DNE
trusty_tcpreplay: ignored (reached end-of-life)
trusty/esm_tcpreplay: DNE (trusty was needs-triage)
xenial_tcpreplay: ignored (end of standard support, was needed)
bionic_tcpreplay: needed
cosmic_tcpreplay: ignored (reached end-of-life)
disco_tcpreplay: not-affected (4.3.1-2)
eoan_tcpreplay: not-affected (4.3.1-2)
focal_tcpreplay: not-affected (4.3.1-2)
groovy_tcpreplay: not-affected (4.3.1-2)
hirsute_tcpreplay: not-affected (4.3.1-2)
impish_tcpreplay: not-affected (4.3.1-2)
jammy_tcpreplay: not-affected (4.3.1-2)
devel_tcpreplay: not-affected (4.3.1-2)