[Tcpreplay-users] Fwd: Buffer Overflow Vulnerability in Tcpreplay 4.1.2(tcpcapinfo)

Aromal Raj Tue, 07 Feb 2017 21:10:53 -0800


Hi,

This mail is to report a Buffer Overflow Vulnerability which i found in
'tcpcapinfo' utility which comes with latest Tcpreplay 4.1.2 version. This
happens when tcpcapinfo process a specially crafted pcap file.


*Steps to reproduce:*
raras@ubuntu:~$ tcpcapinfo bogus.pcap 

*Expected Output:*
Invalid file should not be parsed.

*Actual Output:*
Buffer Overflow

*The following files attached:*
bogus.pcap - Which is the crafted pcap file
gdb.log    - GDB output
valgrind.log - Valgrind output

Can
this have
a patch upstream?

-- 
*Thanks & Regards,*
*Aromal Raj*
"StAyHuNgRy StAyFoOliSh"

MYPublic Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0x71361D11038FE591>

Key fingerprint = 4856 0C9A F982 32B5 53FE  340B 7136 1D11 038F E591

bogus.pcap
Description: Binary data

gdb.log
Description: Binary data

valgrind.log
Description: Binary data

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

[Tcpreplay-users] Fwd: Buffer Overflow Vulnerability in Tcpreplay 4.1.2(tcpcapinfo)

Reply via email to