CVE-2025-51006

Publication date: 2025-09-22

Last updated on: 2025-10-14

Assigner: MITRE

Description
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.
Meta Information

Published: 2025-09-22

Last Modified: 2025-10-14

Generated: 2026-06-16

AI Q&A: 2025-09-22

EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE

| Vendor | Product | Version / Range |
| --- | --- | --- |
| broadcom | tcpreplay | 4.5.1 |

| CWE ID | Description |
| --- | --- |
| CWE-415 | The product calls free() twice on the same memory address. |

Executive Summary

This vulnerability is a double free bug in the tcpreplay 4.5.1 software, specifically in the tcprewrite utility's dlt_linuxsll2_cleanup() function. It occurs when the cleanup routine frees the same memory region twice during the closing of the tcpedit context after processing a specially crafted pcap file. This double free leads to memory corruption and causes the program to crash or terminate unexpectedly. [1, 2]
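
The CWE-415 pattern described above, shown as an added illustration that is not tcpreplay's code or its fix: a cleanup routine that clears its pointer after freeing stays safe when it is reached more than once. The names `plugin_t`, `ctx_t`, `plugin_cleanup` and `ctx_cleanup` are hypothetical, and two context slots aliasing one plugin is an assumed way for the same routine to be reached twice.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a link-layer plugin and the context that owns it.
 * These are NOT tcpreplay's real structures. */
typedef struct {
    void *config;            /* plugin-private state allocated at init time */
} plugin_t;

typedef struct {
    plugin_t *decoder;       /* plugin chosen for the input link type */
    plugin_t *encoder;       /* plugin chosen for the output; may alias decoder */
} ctx_t;

/* Idempotent cleanup. The unsafe form is a bare free(p->config) that leaves
 * the pointer dangling, so a second call frees the same region again
 * (CWE-415). Clearing the pointer turns the second call into a no-op.
 * Returns 1 if memory was released by this call, 0 otherwise. */
int plugin_cleanup(plugin_t *p)
{
    if (p == NULL || p->config == NULL)
        return 0;
    free(p->config);
    p->config = NULL;        /* the one line that prevents the double free */
    return 1;
}

/* Tears down both slots and reports how many real frees happened. */
int ctx_cleanup(ctx_t *ctx)
{
    return plugin_cleanup(ctx->decoder) + plugin_cleanup(ctx->encoder);
}

/* Assumed scenario: both slots point at the same plugin, and the context is
 * torn down twice. Returns the total number of frees performed, or -1 if the
 * initial allocation failed. */
int demo_aliased_cleanup(void)
{
    plugin_t shared = { malloc(64) };
    ctx_t ctx = { &shared, &shared };
    if (shared.config == NULL)
        return -1;
    return ctx_cleanup(&ctx) + ctx_cleanup(&ctx);   /* four cleanup calls */
}

int main(void)
{
    printf("frees performed: %d\n", demo_aliased_cleanup());
    return 0;
}
```

Building this with `-fsanitize=address` and deleting the `p->config = NULL;` line makes AddressSanitizer report the second `free()` as a double free.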

Impact Analysis

Exploiting this vulnerability allows a local attacker to cause a Denial of Service (DoS) by crashing the tcprewrite program through memory corruption. This can disrupt services or workflows that rely on tcpreplay's tcprewrite utility, potentially leading to downtime or interruption of network traffic replay tasks. [1, 2]

Detection Guidance

This vulnerability can be detected by running the tcprewrite utility from tcpreplay version 4.5.1 on a specially crafted pcap file that triggers the double-free bug. Using AddressSanitizer when compiling tcpreplay can help detect the double-free by reporting attempts to free the same memory region twice. A suggested command to reproduce and detect the issue is: `src/tcprewrite -i ./poc -o /dev/null`, where `./poc` is a proof-of-concept pcap file crafted to trigger the vulnerability. [1, 2]

Mitigation Strategies

The immediate mitigation step is to upgrade tcpreplay to version 4.5.2 or later, where this double-free vulnerability has been fixed. Avoid running tcprewrite on untrusted or specially crafted pcap files until the update is applied to prevent Denial of Service via memory corruption. [2]
