CVE-2019-8377
Description
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Tcpreplay 4.3.1's get_ipv6_l4proto() function has a NULL pointer dereference that allows denial of service via a crafted pcap file.
Vulnerability
A NULL pointer dereference was found in the get_ipv6_l4proto() function in get.c in Tcpreplay version 4.3.1 [1][2]. The function does not properly validate a pointer before dereferencing it when processing a crafted pcap file sent to the tcpreplay-edit binary with specific command-line options (e.g., -r 80:84 -s 20 -b -C -m 1500 -P --oneatatime) [1].
Exploitation
An attacker can trigger this vulnerability by supplying a specially crafted pcap file to the tcpreplay-edit tool [1]. The likely command line is tcpreplay-edit -r 80:84 -s 20 -b -C -m 1500 -P --oneatatime -i $INTERFACE $POC [1]. No authentication or special privileges are required; the attacker only needs the ability to deliver the malicious pcap to the binary.
Impact
A successful exploit causes a segmentation fault (SIGSEGV), resulting in a denial of service (crash) of the tcpreplay-edit process [1]. The description also mentions “possibly have unspecified other impact,” though no details of further compromise (e.g., code execution) have been published [1].
Mitigation
The available references do not mention a specific fixed version release date. The Tcpreplay issue tracker ([1]) and advisory ([2]) only confirm the vulnerability. As of publication, users should monitor the Tcpreplay project for a patched version. If no fix is immediately available, avoid processing untrusted pcap files with tcpreplay-edit.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 4.3.1
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4YAT4AGTHQKB74ETOQPJMV67TSDIAPOC/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EB3ASS7URTIA3IFSBL2DIWJAFKTBJCAW/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UOSEIQ3D2OONCJEVMGC2TYBC2QX4E5EJ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.securityfocus.com/bid/107085 (mitre, vdb-entry, x_refsource_BID)
- github.com/appneta/tcpreplay/issues/536 (mitre, x_refsource_MISC)
- research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/ (mitre, x_refsource_MISC)