CVE-2025-9386

CWE-119Buffer OverflowCWE-416Use After Free5 documents5 sources
Severity
4.8MEDIUM
EPSS
0.0%
top 89.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom TcpreplayAppneta Tcpreplay
Timeline
PublishedAug 24

Description

A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5appneta/tcpreplay4.5.0, 4.5.1+1
Debiantcpreplay< 4.5.2-1

🔴Vulnerability Details

3
CVEList
appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free2025-08-24
OSV
CVE-2025-9386: A vulnerability has been found in appneta tcpreplay up to 42025-08-24
GHSA
GHSA-722m-c232-cwqp: A vulnerability has been found in appneta tcpreplay up to 42025-08-24

📋Vendor Advisories

1
Debian
CVE-2025-9386: tcpreplay - A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted el...2025
CVE-2025-9386 (MEDIUM CVSS 4.8) | A vulnerability has been found in a | cvebase.io