Vulnerability Description
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Tcpreplay | 4.3.1 |
| Fedoraproject | Fedora | 28 |
Related Weaknesses (CWE)
References
- https://github.com/appneta/tcpreplay/issues/538ExploitIssue TrackingThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://research.loginsoft.com/bugs/invalid-memory-access-vulnerability-in-functExploitThird Party Advisory
- https://github.com/appneta/tcpreplay/issues/538ExploitIssue TrackingThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://research.loginsoft.com/bugs/invalid-memory-access-vulnerability-in-functExploitThird Party Advisory
FAQ
What is CVE-2019-8381?
CVE-2019-8381 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an ...
How severe is CVE-2019-8381?
CVE-2019-8381 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-8381?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Tcpreplay, Fedoraproject Fedora.