{"id":"CVE-2019-8377","details":"An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.","modified":"2026-03-15T22:32:05.552439Z","published":"2019-02-17T02:29:00.283Z","related":["MGASA-2019-0158","openSUSE-SU-2024:11426-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UOSEIQ3D2OONCJEVMGC2TYBC2QX4E5EJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4YAT4AGTHQKB74ETOQPJMV67TSDIAPOC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EB3ASS7URTIA3IFSBL2DIWJAFKTBJCAW/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107085"},{"type":"REPORT","url":"https://github.com/appneta/tcpreplay/issues/536"},{"type":"EVIDENCE","url":"https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/appneta/tcpreplay","events":[{"introduced":"0"},{"last_affected":"2595c903b61d9e50b22cbfcc6899f8f11a17bbff"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.3.1"}]}}],"versions":["help","v3.4.2","v3.4.3","v3.4.4","v4.0.0","v4.0.0beta1","v4.0.0beta2","v4.0.1","v4.0.2","v4.0.3","v4.0.4","v4.0.5","v4.0.5beta1","v4.0.5beta2","v4.0.5beta3","v4.1.0","v4.1.0beta1","v4.1.0beta2","v4.1.1","v4.1.1-beta2","v4.1.1-beta3","v4.1.2","v4.2.0","v4.2.0-beta1","v4.2.1","v4.2.2","v4.2.2-beta1","v4.2.3","v4.2.4","v4.2.5","v4.2.5-beta1","v4.2.6","v4.3.0","v4.3.0-beta1","v4.3.0-beta2","v4.3.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-8377.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}