Primary

Context

Tcpreplay Infinite Loop Vulnerability in Tcprewrite Function

Vulnerability

A denial-of-service vulnerability has been identified in Tcpreplay version 4.4.4. The issue arises from an infinite loop in the Tcprewrite function within get.c. This loop can be exploited by crafting a malicious pcap input file, causing the program to run indefinitely without termination.

Impact

Exploitation of this vulnerability leads to an infinite loop, causing the program to hang and consume resources without completing its task.

Reproduction

The vulnerability can be reproduced by compiling Tcpreplay with Clang and AddressSanitizer enabled, then running the Tcprewrite tool with a specially crafted pcap file that triggers the infinite loop.

Remediation

Users can update to Tcpreplay version 4.5, where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tcpreplay Infinite Loop Vulnerability in Tcprewrite Function

Vulnerability

Impact

Reproduction

Remediation

Affected Products

appneta tcpreplay

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating