CVE-2025-9384

CWE-404CWE-476NULL Pointer Dereference5 documents5 sources
Severity
4.8MEDIUM
EPSS
0.0%
top 91.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom TcpreplayAppneta Tcpreplay
Timeline
PublishedAug 24

Description

A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 4.5.2-beta2 is recommended to address this issue. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2".

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5appneta/tcpreplay4.5.0, 4.5.1+1
Debiantcpreplay< 4.5.2-1

🔴Vulnerability Details

3
CVEList
appneta tcpreplay parse_args.c tcpedit_post_args null pointer dereference2025-08-24
GHSA
GHSA-gc8m-9gpv-3rpr: A vulnerability was detected in appneta tcpreplay up to 42025-08-24
OSV
CVE-2025-9384: A vulnerability was detected in appneta tcpreplay up to 42025-08-24

📋Vendor Advisories

1
Debian
CVE-2025-9384: tcpreplay - A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the f...2025
CVE-2025-9384 (MEDIUM CVSS 4.8) | A vulnerability was detected in app | cvebase.io