CVE-2025-8746
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.
Published
2025-08-09T06:15:35.580
Last Modified
2025-09-16T15:36:22.123
Status
Analyzed
Source
[email protected]
Severity
CVSSv3.1: 3.3 (LOW)
CVSSv2 Vector
AV:L/AC:L/Au:S/C:N/I:N/A:P
- Access Vector: LOCAL
- Access Complexity: LOW
- Authentication: SINGLE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL
Exploitability Score
3.1
Impact Score
2.9
Weaknesses
-
Type: Secondary
CWE-119
-
Type: Primary
CWE-787
Affected Vendors & Products
| Type |
Vendor |
Product |
Version/Range |
Vulnerable? |
| Application |
gnu
|
libopts
|
≤ 27.6 |
Yes
|
References
-
https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing
Exploit
([email protected])
-
https://github.com/appneta/tcpreplay/issues/957
Exploit, Issue Tracking, Vendor Advisory
([email protected])
-
https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393
Exploit, Issue Tracking, Vendor Advisory
([email protected])
-
https://vuldb.com/?ctiid.319242
Permissions Required, VDB Entry
([email protected])
-
https://vuldb.com/?id.319242
Third Party Advisory, VDB Entry
([email protected])
-
https://vuldb.com/?submit.623632
Exploit, Third Party Advisory, VDB Entry
([email protected])
-
https://www.gnu.org/
Product
([email protected])
-
https://github.com/appneta/tcpreplay/issues/957
Exploit, Issue Tracking, Vendor Advisory
(134c704f-9b21-4f2e-91b3-4a467353bcc0)