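Related vulnerability
Title: AppNeta TCPrewrite security vulnerability (CVE-2025-51006)
Description: AppNeta TCPrewrite is a tool from AppNeta for editing and replaying network traffic previously captured by tools such as tcpdump and Wireshark. AppNeta TCPrewrite contains a security vulnerability caused by a double free in the dlt_linuxsll2_cleanup function, which may lead to memory corruption and denial-of-service attacks.
Introduction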
# CVE-2025-51006 – Double Free in tcpreplay 4.5.1 leads to DoS
**Affected Product:** tcpreplay
**Vendor:** AppNeta
**Affected Version(s):** 4.5.1
**Fixed Version:** 4.5.2
**Vulnerability Type:** Double Free (CWE-415)
**Impact:** Denial of Service
## Description
In tcpreplay **4.5.1**, the `tcprewrite` utility can trigger a **double free** during the DLT plugin cleanup path when closing the tcpedit context after processing a crafted file. Under these conditions, the same pointer is freed twice, which aborts the process and results in a **Denial of Service (DoS)**.
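The bug class described above, shown from the mitigation side as an added example (not code from tcpreplay or from this advisory): a simplified model of a plugin context whose cleanup is reached twice during teardown, using a free-and-clear helper so the second pass is harmless. The struct, the function names and the two-pass teardown are assumptions made for illustration.

```c
#include <stdlib.h>

/* Hypothetical, simplified plugin context; not tcpreplay's real structures. */
typedef struct {
    void *extra;    /* plugin-private state */
    void *decoded;  /* buffer for decoded packet metadata */
} plugin_ctx_t;

static int free_calls;  /* instrumentation: counts frees actually performed */

/* Free *pp once and clear it, so later cleanup passes see NULL. */
static void safe_free(void **pp)
{
    if (pp != NULL && *pp != NULL) {
        free(*pp);
        *pp = NULL;
        free_calls++;
    }
}

/* Risky pattern (CWE-415): calling free(ctx->extra) and leaving the stale
 * pointer in place, so a second cleanup pass frees the same address again. */

/* Hardened cleanup: idempotent, safe to reach from more than one path. */
static void plugin_cleanup(plugin_ctx_t *ctx)
{
    if (ctx == NULL)
        return;
    safe_free(&ctx->extra);
    safe_free(&ctx->decoded);
}

/* Assumed scenario: teardown reaches the plugin cleanup twice.
 * Returns the number of frees performed, or -1 on failure. */
int run_teardown_twice(void)
{
    plugin_ctx_t ctx = { malloc(32), malloc(64) };
    if (ctx.extra == NULL || ctx.decoded == NULL) {
        free(ctx.extra);
        free(ctx.decoded);
        return -1;
    }
    free_calls = 0;
    plugin_cleanup(&ctx);  /* first pass releases both buffers */
    plugin_cleanup(&ctx);  /* second pass finds NULL and does nothing */
    return (ctx.extra == NULL && ctx.decoded == NULL) ? free_calls : -1;
}

int main(void) { return run_teardown_twice() == 2 ? 0 : 1; }
```

Building this with `-fsanitize=address` reports nothing, whereas the risky pattern noted in the comment would produce an `attempting double-free` report on the second pass.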
## Trigger
**Trigger / Reproduction**
1) Build tcpreplay 4.5.1 (building with ASan helps but is not required).
2) Run: `src/tcprewrite -i ./poc -o /dev/null`
## Sanitizer log
<img width="800" height="400" alt="image" src="https://github.com/user-attachments/assets/29487956-71b8-4118-a204-1823fd0e3d89" />
## PoC
[poc.zip](https://github.com/user-attachments/files/22300744/poc.zip)
File snapshot
[4.0K] /data/pocs/ad16f21e1de736f76bafaf84b44e02e5d68bb8f5
├── [ 297] poc
└── [ 977] README.md
0 directories, 2 files