CVE-2025-9649
BaseFortify
Publication date: 2025-08-29
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| broadcom | tcpreplay | 4.5.1 |
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-369 | The product divides a value by zero. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9649 is a divide-by-zero vulnerability in the tcpreplay utility (version 4.5.1 and certain later commits). It occurs in the function calc_sleep_time within the send_packets.c source file. The vulnerability arises because the program does not properly validate input parameters related to bandwidth rate or packets per second (PPS), allowing extremely small or malformed values to be used as divisors. This causes a division by zero, triggering a floating-point exception (SIGFPE) and causing the program to crash immediately. Exploitation requires local access and can be triggered by replaying specially crafted packet data with malicious parameters. The issue has been confirmed and fixed in version 4.5.3-beta3 and later. [1, 2, 3, 4]
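The missing validation described above, sketched as an added example (not tcpreplay's code and not the upstream fix): the helper names, the units and the choice to reject rates below one unit per second are assumptions. It goes beyond the two reported values by rejecting any rate that is NaN, zero, negative, oversized, or that truncates to zero once converted to an integer divisor.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers, not tcpreplay's code. Each returns 0 and writes the
 * inter-packet delay in nanoseconds, or -1 if the rate is unusable. */

/* Convert a user-supplied rate into a whole-number divisor. Fails for NaN,
 * zero, negative and oversized values, and for anything that would
 * truncate to zero after scaling. */
static int to_divisor(double rate, double scale, uint64_t *out)
{
    double scaled = rate * scale;
    if (!(scaled >= 1.0) || scaled >= 1e15)   /* NaN fails the first test */
        return -1;
    *out = (uint64_t)scaled;                  /* now guaranteed >= 1 */
    return 0;
}

int delay_ns_for_mbps(double mbps, uint32_t pkt_len, uint64_t *ns)
{
    uint64_t bytes_per_sec;
    /* Mbit/s to bytes/s: 1e6 / 8 = 125000 */
    if (to_divisor(mbps, 125000.0, &bytes_per_sec) != 0)
        return -1;
    *ns = (uint64_t)pkt_len * 1000000000ULL / bytes_per_sec;
    return 0;
}

int delay_ns_for_pps(double pps, uint64_t *ns)
{
    uint64_t whole_pps;
    if (to_divisor(pps, 1.0, &whole_pps) != 0)
        return -1;
    *ns = 1000000000ULL / whole_pps;
    return 0;
}

int main(void)
{
    uint64_t ns = 0;
    /* The two rate values quoted on this page are refused before dividing. */
    printf("mbps 0.000001 -> %d\n", delay_ns_for_mbps(0.000001, 1000, &ns));
    printf("pps -0.000001 -> %d\n", delay_ns_for_pps(-0.000001, &ns));
    if (delay_ns_for_mbps(8.0, 1000, &ns) == 0)
        printf("mbps 8, 1000-byte packet -> %llu ns\n", (unsigned long long)ns);
    return 0;
}
```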
How can this vulnerability impact me?
This vulnerability can impact you by causing the tcpreplay program to crash due to a division by zero error. This results in a denial of service (DoS) condition where the software becomes unavailable or stops functioning unexpectedly. Since exploitation requires local access and specially crafted input, an attacker with local privileges can trigger this crash, potentially disrupting network testing or replay operations that rely on tcpreplay. [1, 2, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the division by zero crash locally on the affected system using the provided proof-of-concept (PoC) files and specific command-line parameters that trigger the flaw. For example, compile tcpreplay with AddressSanitizer enabled and run commands such as:

- For MBPS parameter exploitation: `tcpreplay -M 0.000001 -i lo POC_tcpreplay_calc_sleep_time_mbps_division_by_zero_1091`
- For PPS parameter exploitation: `tcpreplay -p -0.000001 -i lo POC_tcpreplay_calc_sleep_time_pps_division_by_zero_1125`

These commands use specially crafted packet capture files and extremely small bandwidth or packet rate parameters to trigger the floating-point exception (division by zero) and cause the program to crash, confirming the presence of the vulnerability. [2, 4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the affected tcpreplay software to version 4.5.3-beta3 or later, as this version has been confirmed by the vendor to not contain the vulnerability. Avoid running vulnerable versions locally, especially with untrusted input parameters that could trigger the divide-by-zero condition. If upgrading is not immediately possible, restrict local access to the system to prevent exploitation, since the attack requires local access. [1]