VDB
CVE-2025-51006
CVE-2025-51006
PUBLISHED
CVSS 8.600000381469727 HIGH
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.
EPSS 0.06% · 19.0th percentile
Risk Scores
CVSS v4.0
8.600000381469727
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.06%
19.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| broadcom | tcpreplay | 4.5.1 |
| n/a | n/a | n/a |
Timeline
- Sep 22, 2025 CVE Published
- Sep 22, 2025 CVE Updated
- Sep 23, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
- Oct 4, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 7, 2025 EPSS Score
- Oct 13, 2025 EPSS Score
- Oct 15, 2025 Coalition ESS Score
- Oct 16, 2025 Coalition ESS Score
- Oct 20, 2025 EPSS Score
- Oct 27, 2025 EPSS Score