Home

Description

EN DE

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2."

Es geht um die Funktion mask_cidr6 der Datei cidr.c der Komponente tcpprep. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.

PUBLISHED Reserved 2025-08-14 | Published 2025-08-15 | Updated 2025-08-15 | Assigner VulDB




LOW: 2.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
LOW: 3.1CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
LOW: 3.1CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
2.6AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:C

Problem types

Heap-based Buffer Overflow

Memory Corruption

Timeline

2025-08-14:Advisory disclosed
2025-08-14:VulDB entry created
2025-08-14:VulDB entry last update

Credits

nipc-cxd (VulDB User) reporter

References

vuldb.com/?id.320080 (VDB-320080 | tcpreplay tcpprep cidr.c mask_cidr6 heap-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.320080 (VDB-320080 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.623635 (Submit #623635 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow) third-party-advisory

vuldb.com/?submit.623636 (Submit #623636 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)) third-party-advisory

vuldb.com/?submit.623637 (Submit #623637 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)) third-party-advisory

vuldb.com/?submit.623638 (Submit #623638 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)) third-party-advisory

vuldb.com/?submit.623639 (Submit #623639 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)) third-party-advisory

github.com/appneta/tcpreplay/issues/958 issue-tracking

github.com/appneta/tcpreplay/issues/958 issue-tracking

drive.google.com/...QoRfaJaaLf6iLtMiCRCHlBc/view?usp=sharing exploit

github.com/appneta/tcpreplay/issues/959 issue-tracking

cve.org (CVE-2025-9019)

nvd.nist.gov (CVE-2025-9019)

Download JSON