CVE-2023-43279

Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Tcpreplay	Ubuntu	esm-apps/bionic	*
Tcpreplay	Ubuntu	esm-apps/focal	*
Tcpreplay	Ubuntu	esm-apps/jammy	*
Tcpreplay	Ubuntu	esm-apps/noble	*
Tcpreplay	Ubuntu	esm-apps/xenial	*
Tcpreplay	Ubuntu	focal	*
Tcpreplay	Ubuntu	jammy	*
Tcpreplay	Ubuntu	mantic	*
Tcpreplay	Ubuntu	noble	*
Tcpreplay	Ubuntu	upstream	*

Potential Mitigations

References

https://github.com/appneta/tcpreplay/issues/824
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/
https://github.com/appneta/tcpreplay/issues/824
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-43279
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References