Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-9019

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2."

Published

2025-08-15T07:15:29.850

Last Modified

2025-09-11T17:53:34.270

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.1 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

4.9

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-119
    CWE-122
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application broadcom tcpreplay 4.5.1 Yes
References