CVE-2025-51006 — Double Free in Tcpreplay

CWE-415 — Double Free5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 83.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Tcpreplay

Timeline

PublishedSep 22

Description

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianbroadcom/tcpreplay< 4.5.2-1

▶NVDbroadcom/tcpreplay4.5.1

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

CVE-2025-51006: Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxs↗2025-09-22

▶

GHSA

GHSA-7rv6-hjpp-g74c: Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxs↗2025-09-22

▶

OSV

CVE-2025-51006: Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxs↗2025-09-22

▶

📋Vendor Advisories

Debian

CVE-2025-51006: tcpreplay - Within tcpreplay's tcprewrite, a double free vulnerability has been identified i...↗2025

▶