Primary

Context

Appneta Tcpreplay Heap Buffer Overflow Vulnerability in Tcpliveplay Utility

Vulnerability

A heap buffer overflow vulnerability has been identified in the tcpliveplay utility of Appneta Tcpreplay version 4.5.1. This vulnerability arises when the program processes crafted pcap files, particularly in the checksum calculation logic. The improper handling of packet lengths derived from the IPv4 header allows for memory access beyond the allocated buffer, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by building Tcpreplay 4.5.1 with AddressSanitizer enabled, and then running the tcpliveplay utility with a crafted pcap file that exploits the buffer overflow in the checksum calculation.

Remediation

The vulnerability is expected to be addressed in Tcpreplay version 4.6, when the tcpliveplay utility is removed.

Added: Sep 23, 2025, 7:22 PM

Updated: Sep 23, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Appneta Tcpreplay Heap Buffer Overflow Vulnerability in Tcpliveplay Utility

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Appneta tcpreplay

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating