Arch Linux Security Advisory ASA-201905-5 ========================================= Severity: High Date : 2019-05-06 CVE-ID : CVE-2019-8376 CVE-2019-8377 CVE-2019-8381 Package : tcpreplay Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-902 Summary ======= The package tcpreplay before version 4.3.2-1 is vulnerable to multiple issues including arbitrary code execution and denial of service. Resolution ========== Upgrade to 4.3.2-1. # pacman -Syu "tcpreplay>=4.3.2-1" The problems have been fixed upstream in version 4.3.2. Workaround ========== None. Description =========== - CVE-2019-8376 (denial of service) An issue was discovered in tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. - CVE-2019-8377 (denial of service) An issue was discovered in tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. - CVE-2019-8381 (arbitrary code execution) An issue was discovered in tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. Impact ====== A remote attacker is able to cause a denial of service, or execute arbitrary code, with a specially crafted pcap file. References ========== https://github.com/appneta/tcpreplay/issues/537 https://research.loginsoft.com/vulnerability/null-pointer-dereference-vulnerability-in-function-get_layer4_v6-tcpreplay-4-3-1/ https://github.com/appneta/tcpreplay/issues/536 https://research.loginsoft.com/vulnerability/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/ https://research.loginsoft.com/bugs/invalid-memory-access-vulnerability-in-function-do_checksum-tcpreplay-4-3-1/ https://github.com/appneta/tcpreplay/issues/538 https://github.com/appneta/tcpreplay/pull/548/commits/dae97cbafc5c06ebbc6b34e76ba614104f1b73e1 https://security.archlinux.org/CVE-2019-8376 https://security.archlinux.org/CVE-2019-8377 https://security.archlinux.org/CVE-2019-8381