PT-2019-18996 · Astron Security+1 · Tcpreplay+1
Mastersop · Published 2019-02-17 · Updated 2024-06-15 · CVE-2019-8377
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Tcpreplay version 4.3.1
Description
An issue was discovered in the function get_ipv6_l4proto() located at get.c, which can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. This can cause a NULL pointer dereference, allowing an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Recommendations
For Tcpreplay version 4.3.1, consider avoiding the use of crafted pcap files with the tcpreplay-edit binary until a patch is available. As a temporary workaround, restrict access to the get_ipv6_l4proto() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Tcpreplay