Tcpreplay Double Free Vulnerability in dlt_linuxsll2 Cleanup Function

Vulnerability

A double free vulnerability has been identified in Tcpreplay version 4.5.1. The issue is in the DLT LinuxSLL2 cleanup function, located in the plugins/dlt_linuxsll2/linuxsll2.c file. It is triggered when the tcpedit_dlt_cleanup function calls the cleanup routine multiple times on the same memory region, which corrupts memory. A local attacker can exploit this flaw by supplying a crafted pcap file to the tcprewrite binary, causing a denial-of-service condition through memory corruption.
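
The pattern described above, and the usual defensive fix, as an added example that is not Tcpreplay's code: the struct, field and function names are hypothetical stand-ins for a plugin context whose cleanup routine may be invoked more than once. Clearing the pointer after free() makes a repeated cleanup call harmless.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical plugin context; not Tcpreplay's real types or field names. */
struct plugin_ctx {
    void *extra; /* per-plugin buffer allocated at init */
};

static int free_calls; /* counts real free() calls so callers can observe them */

static int plugin_init(struct plugin_ctx *ctx, size_t size)
{
    ctx->extra = calloc(1, size);
    return ctx->extra ? 0 : -1;
}

/* Unsafe pattern, shown for contrast and never called here: the pointer is
 * left dangling, so a second call frees the same region again. */
void plugin_cleanup_unsafe(struct plugin_ctx *ctx)
{
    free(ctx->extra);
    free_calls++;
}

/* Idempotent cleanup: free once, then clear the pointer so repeats are no-ops. */
static void plugin_cleanup(struct plugin_ctx *ctx)
{
    if (ctx == NULL || ctx->extra == NULL)
        return;
    free(ctx->extra);
    ctx->extra = NULL;
    free_calls++;
}

/* Models a caller that runs the cleanup routine twice on the same context.
 * Returns the number of real free() calls, or -1 on failure. */
static int run_cleanup_twice(void)
{
    struct plugin_ctx ctx = {0};
    free_calls = 0;
    if (plugin_init(&ctx, 64) != 0)
        return -1;
    plugin_cleanup(&ctx);
    plugin_cleanup(&ctx); /* second call must not touch freed memory */
    return ctx.extra == NULL ? free_calls : -1;
}

int main(void)
{
    printf("free() calls after two cleanups: %d\n", run_cleanup_twice());
    return 0;
}
```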

Impact

Exploitation of this vulnerability corrupts memory and crashes the process, resulting in a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by building Tcpreplay 4.5.1 with AddressSanitizer enabled and then using the tcprewrite utility to process a crafted pcap file that triggers the double free. AddressSanitizer detects and reports the double free error, which confirms that the vulnerability was triggered.

Remediation

Users can upgrade to Tcpreplay version 4.5.2, where this vulnerability has been fixed.

Added: Sep 22, 2025, 4:55 PM
Updated: Sep 23, 2025, 12:37 AM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.