CVE-2025-9019

CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

2.3LOW

EPSS

0.3%

top 43.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Tcpreplay

Timeline

PublishedAug 15

Description

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. Th…

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶Debiantcpreplay< 4.5.2-1

▶CVEListV5tcpreplay4.5.1

▶NVDbroadcom/tcpreplay4.5.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

tcpreplay tcpprep cidr.c mask_cidr6 heap-based overflow↗2025-08-15

▶

GHSA

GHSA-f6rq-rhh3-fpff: A vulnerability has been found in tcpreplay 4↗2025-08-15

▶

OSV

CVE-2025-9019: A vulnerability has been found in tcpreplay 4↗2025-08-15

▶

📋Vendor Advisories

Debian

CVE-2025-9019: tcpreplay - A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects th...↗2025

▶