Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-51005 PoC — Appneta Tcpreplay 安全漏洞

Source
https://github.com/sy460129/CVE-2025-51005
Associated Vulnerability
Title:Appneta Tcpreplay 安全漏洞 (CVE-2025-51005)
Description:A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay in tcpliveplay.c, leading to a possible denial of service.
Readme
# CVE-2025-51005 – Heap Buffer Overflow in tcpliveplay checksum calculation

**Affected Product:** tcpreplay  
**Vendod:** Appneta  
**Affected Version(s):** 4.5.1  
**Fixed Version:** Not yet.  
**Vulnerability Type:** Heap Buffer Overflow (CWE-122)  
**Impact:** Denial of Service  

## Description
A heap buffer overflow vulnerability exists in the tcpliveplay.  
When handling crafted pcap files, the program miscalculates the remaining packet length derived from the IPv4 header. This unchecked value is later used in checksum operations, resulting in memory access beyond the allocated buffer.  
The vendor has announced that this function will be removed starting from version 4.6.  

## Trigger
**Trigger / Reproduction**  
1) Build tcpreplay 4.5.1 (building with ASan helps but is not required).  
2) Run: sudo ./src/tcpliveplay eth0 ./a.pcap 0.0.0.0 00:00:00:00:00:00 random


## Sanitizer log

<img width="1589" height="604" alt="image" src="https://github.com/user-attachments/assets/1454c746-45d1-49e2-ba79-ba1c6478c890" />

## Reference
https://github.com/appneta/tcpreplay/issues/925

## PoC
[poc.zip](https://github.com/user-attachments/files/22483651/poc.zip)
File Snapshot

 [4.0K]  /data/pocs/cd2c46b8fbeef141034bb35539c8525eb8274f03
├── [  72]  a.pcap
└── [1.2K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →