CVE-2019-8376

Name of the Vulnerable Software and Affected Versions Tcpreplay version 4.3.1

Description The issue is related to a NULL pointer dereference in the get layer4 v6() function, located in the get.c file. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary, allowing an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Recommendations For Tcpreplay version 4.3.1, consider avoiding the use of crafted pcap files with the tcpreplay-edit binary until a patch is available. As a temporary workaround, restrict access to the get layer4 v6() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.