CVE-2025-51006 PoC — AppNeta TCPrewrite Security Vulnerability

Source
Associated Vulnerability
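Title: AppNeta TCPrewrite Security Vulnerability (CVE-2025-51006)
Description: AppNeta TCPrewrite is a tool from AppNeta for editing and replaying network traffic previously captured by tools such as tcpdump and Wireshark. AppNeta TCPrewrite contains a security vulnerability caused by a double free in the dlt_linuxsll2_cleanup function, which may lead to memory corruption and denial-of-service attacks.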
Readme
# CVE-2025-51006 – Double Free in tcpreplay 4.5.1 leads to DoS

**Affected Product:** tcpreplay  
**Vendor:** Appneta  
**Affected Version(s):** 4.5.1  
**Fixed Version:** 4.5.2  
**Vulnerability Type:** Double Free (CWE-415)  
**Impact:** Denial of Service  

## Description
In tcpreplay **4.5.1**, the `tcprewrite` utility can trigger a **double free** during the DLT plugin cleanup path when closing the tcpedit context after processing a crafted file. Under these conditions, the same pointer is freed twice, which aborts the process and results in a **Denial of Service (DoS)**.
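
An added example, not code from tcpreplay or from the original README: a small C model of the bug class described above (CWE-415), showing a cleanup routine that releases the same pointer when it runs twice, next to an idempotent version. `plugin_cfg_t`, `tracked_free` and the other names are hypothetical, and running cleanup twice is an assumed cause for illustration; the page does not state why the pointer is freed twice.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a plugin cleanup path; not tcpreplay source. */
typedef struct { unsigned char *extra; } plugin_cfg_t;

static void *released[8];            /* pointers passed to tracked_free() */
static int n_released, double_frees;

/* Stand-in for free(): counts a repeated release instead of performing it.
 * The real free() is deferred to tracker_reset(), so the demo itself never
 * touches freed memory. */
static void tracked_free(void *p) {
    if (p == NULL) return;           /* like free(NULL): a no-op */
    for (int i = 0; i < n_released; i++)
        if (released[i] == p) { double_frees++; return; }
    if (n_released < 8) released[n_released++] = p;
}

static void tracker_reset(void) {
    for (int i = 0; i < n_released; i++) free(released[i]);
    n_released = double_frees = 0;
}

/* Unsafe: the stale pointer stays in the struct, so a second call
 * releases the same allocation again. */
static void cleanup_unsafe(plugin_cfg_t *cfg) { tracked_free(cfg->extra); }

/* Hardened: idempotent, clears the pointer after releasing it. */
static void cleanup_safe(plugin_cfg_t *cfg) {
    tracked_free(cfg->extra);
    cfg->extra = NULL;
}

/* Runs cleanup twice on one context (assumed scenario) and returns the
 * number of double frees observed, or -1 if allocation failed. */
int double_frees_after_two_cleanups(void (*cleanup)(plugin_cfg_t *)) {
    plugin_cfg_t cfg = { malloc(64) };
    if (cfg.extra == NULL) return -1;
    cleanup(&cfg);
    cleanup(&cfg);
    int seen = double_frees;
    tracker_reset();
    return seen;
}

int main(void) {
    printf("unsafe: %d\n", double_frees_after_two_cleanups(cleanup_unsafe));
    printf("safe:   %d\n", double_frees_after_two_cleanups(cleanup_safe));
    return 0;
}
```

With a real `free()` in place of the tracker, the unsafe variant is the case that glibc or ASan aborts on, which is the denial of service the advisory describes.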

## Trigger
**Trigger / Reproduction**  
1) Build tcpreplay 4.5.1 (building with ASan helps but is not required).  
2) Run: `src/tcprewrite -i ./poc -o /dev/null`


## Sanitizer log
<img width="800" height="400" alt="image" src="https://github.com/user-attachments/assets/29487956-71b8-4118-a204-1823fd0e3d89" />


## PoC
[poc.zip](https://github.com/user-attachments/files/22300744/poc.zip)
File Snapshot

[4.0K] /data/pocs/ad16f21e1de736f76bafaf84b44e02e5d68bb8f5
├── [ 297] poc
└── [ 977] README.md

0 directories, 2 files