CVE-2025-62672 | THREATINT

Description

rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA case in rplay_unpack in librplay/rplay.c, potentially reachable via packet data with no authentication.

PUBLISHED Reserved 2025-10-19 | Published 2025-10-19 | Updated 2025-10-20 | Assigner mitre

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Default status

unknown

Any version

affected

References

www.openwall.com/lists/oss-security/2025/10/18/4

salsa.debian.org/alteholz/rplay

web.archive.org/web/20171109100411/http://rplay.doit.org

cve.org (CVE-2025-62672)

nvd.nist.gov (CVE-2025-62672)

Download JSON