CVE-2024-54192 in tcpreplay

Summary

by MITRE • 02/10/2026

An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.

Analysis

by VulDB Data Team • 02/19/2026

The vulnerability identified as CVE-2024-54192 resides within Tcpreplay version 4.5.1, a widely used network packet replayer and editor tool that facilitates the replay of captured network traffic for testing and analysis purposes. This issue manifests as a local denial of service condition that can be triggered by an attacker who crafts a malicious file and feeds it to the tcpedit_dlt_getplugin function located in the source file src/tcpedit/plugins/dlt_utils.c. The affected software component represents a critical part of the packet editing pipeline that handles data link type processing for various network protocols and formats.

The technical flaw stems from insufficient input validation and sanitization within the tcpedit_dlt_getplugin function, which processes data link type plugins without adequate bounds checking or error handling mechanisms. When a crafted file is passed to this function, the lack of proper validation allows malformed or unexpected input to cause the application to crash or become unresponsive, effectively denying service to legitimate users who attempt to utilize the tool for normal packet editing operations. This vulnerability operates at the application level and requires local access to exploit, as it does not involve network-based attack vectors or remote code execution capabilities.

The operational impact of this vulnerability extends beyond simple service disruption, as Tcpreplay serves critical functions in network security testing, protocol analysis, and traffic replay scenarios. When exploited, the denial of service condition can halt network testing procedures, disrupt security analysis workflows, and potentially compromise the integrity of network traffic analysis processes that depend on this tool. Attackers with local access can leverage this vulnerability to disrupt network operations, particularly in environments where Tcpreplay is used for continuous monitoring, security testing, or protocol validation activities.

Mitigation strategies for CVE-2024-54192 should focus on immediate software updates to versions that address the input validation deficiencies in the tcpedit_dlt_getplugin function. System administrators should implement strict access controls to limit local user privileges and reduce the attack surface for potential exploitation. Additionally, input sanitization measures should be enhanced through proper bounds checking, error handling, and validation routines that prevent malformed data from causing application crashes. This vulnerability aligns with CWE-129, Input Validation, and CWE-248, Uncaught Exception, and may be mapped to ATT&CK technique T1499.004, Endpoint Denial of Service, through its ability to cause system resource exhaustion and service unavailability. Organizations should also consider implementing monitoring solutions that can detect anomalous behavior patterns indicative of denial of service attacks targeting network analysis tools.
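The analysis describes two failure modes, a crash and an unresponsive process, and recommends monitoring for them. The following added example (not VulDB's or the Tcpreplay project's code) runs a capture-processing command in a child process with a timeout and resource limits and classifies how it ended; the `tcprewrite` invocation, the limit values and the function names are assumptions.

```python
import resource
import signal
import subprocess
import sys


def _limits():
    # Runs in the child just before exec: cap CPU time and suppress core
    # files so a spinning or crashing tool cannot exhaust the host.
    resource.setrlimit(resource.RLIMIT_CPU, (10, 10))    # assumed budget
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def run_contained(argv, timeout=15):
    """Run one capture-processing command and classify how it ended."""
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL,
                              timeout=timeout, preexec_fn=_limits)
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed and reaped the child here.
        return ("hang", f"no exit within {timeout}s")
    except FileNotFoundError:
        return ("error", "tool not found")
    if proc.returncode < 0:
        # Negative return code means the child was terminated by a signal.
        try:
            name = signal.Signals(-proc.returncode).name
        except ValueError:
            name = f"signal {-proc.returncode}"
        return ("crash", name)
    if proc.returncode != 0:
        return ("rejected", f"exit status {proc.returncode}")
    return ("ok", "")


if __name__ == "__main__":
    # Assumed invocation: tcprewrite, the suite's offline editor, reading each
    # capture named on the command line and writing next to it.
    for capture in sys.argv[1:]:
        cmd = ["tcprewrite", f"--infile={capture}", f"--outfile={capture}.out"]
        status, detail = run_contained(cmd)
        print(f"{capture}: {status} {detail}".rstrip())
```

A "crash" or "hang" result on a capture from an untrusted source is the signal to quarantine that file and alert, rather than retrying it in the same pipeline.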

Responsible: MITRE
Reservation: 02/09/2026
Disclosure: 02/10/2026
Moderation: accepted
CPE: ready
EPSS: 0.00009
KEV: no
Activities: very low
