{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9019", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-14T05:42:27.078Z", "datePublished": "2025-08-15T07:02:10.548Z", "dateUpdated": "2025-08-15T12:01:29.127Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-15T07:02:10.548Z"}, "title": "tcpreplay tcpprep cidr.c mask_cidr6 heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "tcpreplay", "versions": [{"version": "4.5.1", "status": "affected"}], "modules": ["tcpprep"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that \"[i]n that case, this is a duplicate that was fixed in 4.5.2.\""}, {"lang": "de", "value": "Es geht um die Funktion mask_cidr6 der Datei cidr.c der Komponente tcpprep. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2025-08-14T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-14T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-14T07:55:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "nipc-cxd (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.320080", "name": "VDB-320080 | tcpreplay tcpprep cidr.c mask_cidr6 heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.320080", "name": "VDB-320080 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.623635", "name": "Submit #623635 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.623636", "name": "Submit #623636 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.623637", "name": "Submit #623637 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.623638", "name": "Submit #623638 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.623639", "name": "Submit #623639 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/appneta/tcpreplay/issues/958", "tags": ["issue-tracking"]}, {"url": "https://github.com/appneta/tcpreplay/issues/958#issuecomment-3124876035", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/13SQYVIb_YQoRfaJaaLf6iLtMiCRCHlBc/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://github.com/appneta/tcpreplay/issues/959", "tags": ["issue-tracking"]}]}, "adp": [{"references": [{"url": "https://vuldb.com/?submit.623639", "tags": ["exploit"]}, {"url": "https://github.com/appneta/tcpreplay/issues/959", "tags": ["exploit"]}, {"url": "https://github.com/appneta/tcpreplay/issues/958", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-15T12:01:25.362857Z", "id": "CVE-2025-9019", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T12:01:29.127Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9019", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-15T12:01:25.362857Z"}}}], "references": [{"url": "https://vuldb.com/?submit.623639", "tags": ["exploit"]}, {"url": "https://github.com/appneta/tcpreplay/issues/959", "tags": ["exploit"]}, {"url": "https://github.com/appneta/tcpreplay/issues/958", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T12:01:18.945Z"}}], "cna": {"title": "tcpreplay tcpprep cidr.c mask_cidr6 heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "nipc-cxd (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["tcpprep"], "product": "tcpreplay", "versions": [{"status": "affected", "version": "4.5.1"}]}], "timeline": [{"lang": "en", "time": "2025-08-14T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-14T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-14T07:55:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.320080", "name": "VDB-320080 | tcpreplay tcpprep cidr.c mask_cidr6 heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.320080", "name": "VDB-320080 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.623635", "name": "Submit #623635 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.623636", "name": "Submit #623636 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.623637", "name": "Submit #623637 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.623638", "name": "Submit #623638 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.623639", "name": "Submit #623639 | tcpreplay tcpprep tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Heap Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/appneta/tcpreplay/issues/958", "tags": ["issue-tracking"]}, {"url": "https://github.com/appneta/tcpreplay/issues/958#issuecomment-3124876035", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/13SQYVIb_YQoRfaJaaLf6iLtMiCRCHlBc/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://github.com/appneta/tcpreplay/issues/959", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that \"[i]n that case, this is a duplicate that was fixed in 4.5.2.\""}, {"lang": "de", "value": "Es geht um die Funktion mask_cidr6 der Datei cidr.c der Komponente tcpprep. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-15T07:02:10.548Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9019", "state": "PUBLISHED", "dateUpdated": "2025-08-15T12:01:29.127Z", "dateReserved": "2025-08-14T05:42:27.078Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-15T07:02:10.548Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that \"[i]n that case, this is a duplicate that was fixed in 4.5.2.\""}], "id": "CVE-2025-9019", "lastModified": "2025-08-15T13:12:51.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-15T07:15:29.850", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/13SQYVIb_YQoRfaJaaLf6iLtMiCRCHlBc/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://github.com/appneta/tcpreplay/issues/958"}, {"source": "cna@vuldb.com", "url": "https://github.com/appneta/tcpreplay/issues/958#issuecomment-3124876035"}, {"source": "cna@vuldb.com", "url": "https://github.com/appneta/tcpreplay/issues/959"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.320080"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.320080"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.623635"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.623636"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.623637"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.623638"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.623639"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/appneta/tcpreplay/issues/958"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/appneta/tcpreplay/issues/959"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://vuldb.com/?submit.623639"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}