CVE-2023-27785: [Bug] NULL Pointer Dereference in parse_endpoints() at cidr.c:367 · Issue #785 · appneta/tcpreplay

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.


Describe the bug
There is a NULL Pointer Dereference in parse_endpoints() when the user passes an empty endpoints string to tcprewrite with the option --endpoints.

To Reproduce
Steps to reproduce the behavior:

  1. Get the Tcpreplay source code and compile it.

  2. Generate cache file:
       $ ./tcpprep --port --pcap=./test.pcap --cachefile=./test.cache
    The file test.pcap is from tcpreplay codebase, which is located in test/test.pcap.

  3. Run Command:
       $ ./tcprewrite --endpoints="" -i ./test.pcap -o /dev/null --cachefile=./test.cache

Expected behavior
Program crashes with Segmentation fault.

The GDB report is:

$ gdb --args ./bin_normal/bin/tcprewrite --endpoints="" -i ./code/test/test.pcap -o /dev/null --cachefile=./test.cache

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./bin_normal/bin/tcprewrite...
(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcprewrite --endpoints= -i ./code/test/test.pcap -o /dev/null --cachefile=./test.cache

Program received signal SIGSEGV, Segmentation fault.
0x000055555556fde2 in strlcat (dst=0x7fffffffc0aa "", src=0x0, dsize=92) at strlcat.c:45
45              while (*src != '\0') {
(gdb) bt
#0  0x000055555556fde2 in strlcat (dst=0x7fffffffc0aa "", src=0x0, dsize=92) at strlcat.c:45
#1  0x000055555556b6f0 in parse_endpoints (cidrmap1=0x555555580850, cidrmap2=0x555555580858, optarg=0x7fffffffc654 "") at cidr.c:367
#2  0x000055555555b51c in tcpedit_post_args (tcpedit=0x55555557fff0) at parse_args.c:243
#3  0x0000555555558c23 in main (argc=0, argv=0x7fffffffc2f0) at tcprewrite.c:89

System (please complete the following information):

  • OS: Ubuntu

  • OS version: 20.04, 64 bit

  • Tcpreplay Version: master bcb107a

    $ ./bin_normal/bin/tcprewrite -V
    tcprewrite version: 4.4.3 (build git:v4.4.3)
    Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
    Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
    The entire Tcpreplay Suite is licensed under the GPLv3
    Cache file supported: 04
    Not compiled with libdnet.
    Compiled against libpcap: 1.9.1
    64 bit packet counters: enabled
    Verbose printing via tcpdump: enabled
    Fragroute engine: disabled
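
The backtrace above shows strlcat() receiving src=0x0 when optarg is the empty string. As an added example (not tcpreplay's code and not the project's fix), the hypothetical helper split_endpoints() below shows the defensive pattern for this bug class: reject empty input and check every tokenizer result before it reaches a string function. It assumes an IPv4 "ip1:ip2" argument format; EP_LEN and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define EP_LEN 16   /* assumed: dotted-quad IPv4 text plus NUL */

/* Hypothetical helper (not tcpreplay code): split "ip1:ip2" into two buffers.
 * Returns 0 on success, -1 on empty, over-long or incomplete input. */
int split_endpoints(const char *arg, char ip1[EP_LEN], char ip2[EP_LEN])
{
    char copy[2 * EP_LEN];
    char *a, *b;

    if (arg == NULL || *arg == '\0')
        return -1;                      /* the --endpoints="" case */
    if (strlen(arg) >= sizeof(copy))
        return -1;                      /* would not fit, refuse */
    strcpy(copy, arg);

    /* strtok() returns NULL when no token remains, so each result is
     * checked before any string function is allowed to dereference it. */
    a = strtok(copy, ":");
    b = (a != NULL) ? strtok(NULL, ":") : NULL;
    if (a == NULL || b == NULL || strtok(NULL, ":") != NULL)
        return -1;                      /* need exactly two tokens */
    if (strlen(a) >= EP_LEN || strlen(b) >= EP_LEN)
        return -1;

    strcpy(ip1, a);
    strcpy(ip2, b);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, including the empty string from the report. */
    const char *samples[] = { "", ":", "10.0.0.1", "10.0.0.1:", "10.0.0.1:10.0.0.2" };
    char ip1[EP_LEN], ip2[EP_LEN];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = split_endpoints(samples[i], ip1, ip2);
        printf("\"%s\" -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Address syntax validation is left to the caller; the helper only guarantees that both tokens exist and fit their buffers.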
