tcpreplay Heap-Based Buffer Overflow Vulnerability in tcpprep Component

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the tcpreplay utility, specifically in version 4.5.1. The issue arises in the tcpprep component within the 'mask_cidr6' function of 'cidr.c'. This vulnerability is triggered through the include option processing path, leading to an out-of-bounds read that can cause memory corruption and program crashes. The vulnerability can be exploited remotely, although the exploitation process is complex and difficult.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, causing memory corruption and a program crash. Such heap overflows can often be exploited to execute arbitrary code under certain conditions.

Reproduction

The vulnerability can be reproduced by compiling tcpreplay with AddressSanitizer enabled and then running the tcpprep utility with a specific load options file that triggers the buffer overflow. This file must contain malformed IPv6 CIDR include rules, which the 'mask_cidr6' function processes, causing the out-of-bounds read that characterizes the vulnerability. The program crashes with a heap-buffer-overflow error, which can be verified in the AddressSanitizer report.

Remediation

Users are advised to update to tcpreplay version 4.5.2 or later, where this vulnerability has been fixed.

Added: Aug 15, 2025, 7:18 AM
Updated: Aug 15, 2025, 7:18 AM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.