Appneta Tcpreplay

AppNeta tcpreplay 4.5.2-beta2 UAF in tcprewrite::untrunc_packet
CVE-2025-9157 5.3 - Medium - August 19, 2025

A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.

Buffer Overflow

AppNeta Tcpreplay 4.4.4 Heap Overflow in get_layer4_v6
CVE-2024-3024 7.8 - High - March 28, 2024

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
CVE-2021-45386 5.5 - Medium - February 11, 2022

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

assertion failure

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.
CVE-2021-45387 5.5 - Medium - February 11, 2022

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.

assertion failure

Heap-buffer overflow in the randomize_iparp function in edit_packet.c
CVE-2020-23273 5.5 - Medium - September 22, 2021

Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.

Memory Corruption

Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'
CVE-2020-18976 - August 25, 2021

Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.

An issue was discovered in tcpreplay tcpprep v4.3.3
CVE-2020-24266 7.5 - High - October 19, 2020

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.

Memory Corruption

An issue was discovered in tcpreplay tcpprep v4.3.3
CVE-2020-24265 7.5 - High - October 19, 2020

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.

Memory Corruption

tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation
CVE-2020-12740 - May 08, 2020

tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.

An issue was discovered in Tcpreplay 4.3.1
CVE-2019-8377 - February 17, 2019

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

An issue was discovered in Tcpreplay 4.3.1
CVE-2019-8381 - February 17, 2019

An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

An issue was discovered in Tcpreplay 4.3.1
CVE-2019-8376 - February 17, 2019

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.
CVE-2018-20553 - December 28, 2018

Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.

Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
CVE-2018-20552 - December 28, 2018

Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1
CVE-2018-18408 9.8 - Critical - October 17, 2018

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.

Dangling pointer

A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1
CVE-2018-18407 5.5 - Medium - October 17, 2018

A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.

Out-of-bounds Read

An issue was discovered in Tcpreplay 4.3.0 beta1
CVE-2018-17974 5.5 - Medium - October 03, 2018

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.

Out-of-bounds Read

Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read
CVE-2018-17582 7.1 - High - September 28, 2018

Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.

Out-of-bounds Read

A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1
CVE-2018-17580 7.1 - High - September 28, 2018

A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.

Out-of-bounds Read

get_l2len in common/get.c in Tcpreplay 4.3.0 beta1
CVE-2018-13112 7.5 - High - July 03, 2018

get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.

Out-of-bounds Read