CVE-2025-51005 PoC — Appneta Tcpreplay 安全漏洞

Source

https://github.com/sy460129/CVE-2025-51005

Associated Vulnerability

Title:Appneta Tcpreplay 安全漏洞 (CVE-2025-51005)
Description:Appneta Tcpreplay是Appneta开源的一款网络报文回放工具。 Appneta Tcpreplay 4.5.1版本存在安全漏洞，该漏洞源于tcpliveplay实用程序在处理特制pcap文件时错误处理内存，可能导致拒绝服务。

Readme

# CVE-2025-51005 – Heap Buffer Overflow in tcpliveplay checksum calculation

**Affected Product:** tcpreplay  
**Vendod:** Appneta  
**Affected Version(s):** 4.5.1  
**Fixed Version:** Not yet.  
**Vulnerability Type:** Heap Buffer Overflow (CWE-122)  
**Impact:** Denial of Service  

## Description
A heap buffer overflow vulnerability exists in the tcpliveplay.  
When handling crafted pcap files, the program miscalculates the remaining packet length derived from the IPv4 header. This unchecked value is later used in checksum operations, resulting in memory access beyond the allocated buffer.  
The vendor has announced that this function will be removed starting from version 4.6.  

## Trigger
**Trigger / Reproduction**  
1) Build tcpreplay 4.5.1 (building with ASan helps but is not required).  
2) Run: sudo ./src/tcpliveplay eth0 ./a.pcap 0.0.0.0 00:00:00:00:00:00 random


## Sanitizer log

<img width="1589" height="604" alt="image" src="https://github.com/user-attachments/assets/1454c746-45d1-49e2-ba79-ba1c6478c890" />

## Reference
https://github.com/appneta/tcpreplay/issues/925

## PoC
[poc.zip](https://github.com/user-attachments/files/22483651/poc.zip)

File Snapshot


 [4.0K]  /data/pocs/cd2c46b8fbeef141034bb35539c8525eb8274f03
├── [  72]  a.pcap
└── [1.2K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!