CVE-2024-54192
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in Tcpreplay v4.5.1 via tcpedit_dlt_getplugin

Publication date: 2026-02-10

Last updated on: 2026-02-18

Assigner: MITRE

Description
An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2024-54192
EUVD
EUVD-2024-55416
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
appneta tcpreplay 4.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-54192 is a vulnerability in the tcpreplay tool version 4.5.1 where a local attacker can cause a denial of service by triggering a segmentation fault (SEGV) in the function tcpedit_dlt_getplugin located in src/tcpedit/plugins/dlt_utils.c.

The issue arises from improper handling of crafted input files that contain invalid Juniper (jnpr) header lengths, which leads to an invalid memory read and program crash.

A patch was introduced to add validation checks for these header lengths to prevent the segmentation fault and improve the robustness of the packet rewriting tool.

Impact Analysis

This vulnerability can cause the tcpreplay tool to crash unexpectedly when processing specially crafted input files, resulting in a denial of service.

If you rely on tcpreplay for network packet replay or testing, an attacker with local access could exploit this flaw to disrupt your operations by causing the tool to terminate.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by running the tcprewrite program with crafted input files that trigger the segmentation fault in the tcpedit_dlt_getplugin function. Specifically, executing tcprewrite with command-line options such as --dlt=enet and Ethernet MAC address parameters on a proof-of-concept input file can reproduce the crash.

A suggested command to detect the vulnerability is to build and configure the tcpreplay software, then run:

  • tcprewrite --dlt=enet --enet-smac=00:11:22:33:44:55 --enet-dmac=66:77:88:99:AA:BB <input_file>

If the program crashes with a segmentation fault, it indicates the presence of the vulnerability.

Mitigation Strategies

To mitigate this vulnerability, update tcpreplay to a version that includes the patch fixing the issue. The fix involves a validation check for invalid Juniper header lengths in the tcpedit_dlt_getplugin function, preventing the segmentation fault.

The patch was merged into the 4.5.0-beta1 branch on June 8, 2024, so upgrading to this version or later will address the vulnerability.

Until an update is applied, avoid processing untrusted or crafted input files with tcprewrite to prevent denial of service.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-54192. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart