CVE-2025-9157
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-19
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-08-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9157
EUVD
EUVD-2025-25247
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
appneta tcpreplay 4.5.2-beta2
appneta tcpreplay 6fcbf03
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the appneta tcpreplay software up to version 4.5.2-beta2, specifically in the function untrunc_packet within the file src/tcpedit/edit_packet.c of the tcprewrite component. It is a use-after-free vulnerability that can be triggered by manipulating the software, potentially leading to unexpected behavior or crashes. The attack can be launched locally on the host machine. A patch has been released to fix this issue.


How can this vulnerability impact me? :

Exploiting this vulnerability can lead to use-after-free conditions, which may cause the application to crash, behave unpredictably, or potentially allow an attacker to execute arbitrary code or escalate privileges on the local host. This can compromise the security and stability of the affected system.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch identified as 73008f261f1cdf7a1087dc8759115242696d35da to the affected software version (appneta tcpreplay up to 4.5.2-beta2) to resolve the use after free vulnerability in the untrunc_packet function of tcprewrite component.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart