Home

Description

EN DE

A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.

Es wurde eine Schwachstelle in appneta tcpreplay bis 4.5.2-beta2 entdeckt. Es geht hierbei um die Funktion untrunc_packet der Datei src/tcpedit/edit_packet.c der Komponente tcprewrite. Durch das Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden. Der Patch trägt den Namen 73008f261f1cdf7a1087dc8759115242696d35da. Es wird geraten, einen Patch zu installieren, um dieses Problem zu lösen.

PUBLISHED Reserved 2025-08-19 | Published 2025-08-19 | Updated 2025-08-19 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Use After Free

Memory Corruption

Product status

4.5.2-beta1
affected

4.5.2-beta2
affected

Timeline

2025-08-19:Advisory disclosed
2025-08-19:VulDB entry created
2025-08-19:VulDB entry last update

Credits

HeureuxBuilding (VulDB User) reporter

References

vuldb.com/?id.320537 (VDB-320537 | appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free) vdb-entry technical-description

vuldb.com/?ctiid.320537 (VDB-320537 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.630495 (Submit #630495 | tcpreplay tcprewrite tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Use-After-Free) third-party-advisory

github.com/appneta/tcpreplay/issues/970 issue-tracking

github.com/appneta/tcpreplay/issues/970 issue-tracking

drive.google.com/...96JbnYviPyZhVk-7HObtX8H/view?usp=sharing exploit

github.com/...ommit/73008f261f1cdf7a1087dc8759115242696d35da patch

cve.org (CVE-2025-9157)

nvd.nist.gov (CVE-2025-9157)

Download JSON