Appneta TcpReplay Null Pointer Dereference Vulnerability in Version 4.5.1 and Prior

Vulnerability

A null pointer dereference vulnerability has been identified in the Appneta TcpReplay utility, specifically in the Tcprewrite component, in versions through 4.5.1. The issue arises in the 'tcpedit_post_args' function within the 'parse_args.c' file, where malformed port mapping arguments are processed. This flaw leads to a segmentation fault, as the 'strtol' function attempts to convert a null pointer, causing the program to crash. The vulnerability requires local access to exploit.

Impact

Exploitation causes a segmentation fault that crashes the application. This is a classic null pointer dereference: the program fails to validate input before passing it to functions that expect valid pointers, and terminates abnormally.
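The missing validation described above, as an added example that is not tcpreplay's own code: a hypothetical port-map entry parser that checks every token before it reaches 'strtol'. The function names, the "from:to" entry format and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not tcpreplay code): convert one token to a port.
 * Returns 0 on success, -1 if the token is missing, empty, non-numeric or out of range. */
static int parse_port(const char *tok, long *out)
{
    char *end = NULL;
    long v;

    if (tok == NULL || *tok == '\0')   /* without this check, NULL reaches strtol */
        return -1;
    errno = 0;
    v = strtol(tok, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > 65535)
        return -1;
    *out = v;
    return 0;
}

/* Hypothetical "from:to" entry parser; the entry format is an assumption. */
int parse_portmap_entry(const char *arg, long *from, long *to)
{
    char buf[64];
    char *a, *b;

    if (arg == NULL || strlen(arg) >= sizeof(buf))
        return -1;
    strcpy(buf, arg);                  /* strtok modifies its input, so work on a copy */
    a = strtok(buf, ":");
    b = strtok(NULL, ":");             /* NULL when the separator or second field is missing */
    if (parse_port(a, from) != 0 || parse_port(b, to) != 0)
        return -1;
    if (strtok(NULL, ":") != NULL)     /* reject trailing extra fields */
        return -1;
    return 0;
}

int main(void)
{
    const char *samples[] = { "80:8080", "80", "80:", "80:abc" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        long f = 0, t = 0;
        printf("%-8s -> %s\n", samples[i], parse_portmap_entry(samples[i], &f, &t) ? "rejected" : "ok");
    }
    return 0;
}
```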

Reproduction

The vulnerability can be reproduced by compiling TcpReplay's Tcprewrite utility with AddressSanitizer enabled, then running Tcprewrite with the '--portmap' option and malformed port mapping parameters that trigger the null pointer dereference. The program crashes, demonstrating the vulnerability.

Remediation

Users are advised to upgrade to TcpReplay version 4.5.2-beta2, which addresses this vulnerability.

Added: Aug 24, 2025, 10:18 AM
Updated: Aug 24, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.