CVE-2025-9384
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 4.5.2-beta2 is recommended to address this issue. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2".
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-24
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9384
EUVD
EUVD-2025-28842
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
broadcom tcpreplay to 4.5.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9384 is a null pointer dereference vulnerability in the tcprewrite utility of the AppNeta tcpreplay package. It occurs due to insufficient input validation of the port mapping parameters passed via the --portmap option. When malformed parameters are provided, a null pointer is passed to the standard library function strtol during string-to-integer conversion, causing a segmentation fault and crashing the program. The flaw exists in the function tcpedit_post_args and the parse_portmap function chain, leading to a crash when processing invalid port mapping arguments. [1, 2, 3]

Impact Analysis

This vulnerability can cause the tcprewrite utility to crash due to a null pointer dereference when processing malformed port mapping parameters. The impact is primarily on the availability of the software, as exploitation leads to a segmentation fault and immediate termination of the program. The attack requires local access and cannot be exploited remotely. While it does not affect confidentiality or integrity, it disrupts normal operation and may cause denial of service. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash using the provided proof-of-concept (PoC) with malformed port mapping parameters. Specifically, running the following command with a crafted packet capture file triggers the null pointer dereference and program crash: ``` tcprewrite --portmap -43:4443 -i POC_tcprewrite_null_pointer_dereference_portmap_parsing -o /dev/null ``` Monitoring for segmentation faults (SIGSEGV) or crashes of the `tcprewrite` utility when processing port mapping parameters can indicate exploitation attempts or presence of the vulnerability. [1, 2]

Mitigation Strategies

The immediate mitigation step is to upgrade the affected `tcpreplay` package to version 4.5.2-beta2 or later, as this version has been confirmed by the vendor to fix the vulnerability. Avoid using vulnerable versions (up to 4.5.1) and do not run `tcprewrite` with untrusted or malformed `--portmap` parameters. Restrict local access to the system to prevent exploitation since the attack requires local access. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9384. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart