UBUNTU-CVE-2025-9019

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-9019

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9019.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-9019

Upstream

CVE-2025-9019

Published

2025-08-15T07:15:00Z

Modified

2026-01-20T20:13:41.560896Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2."

References

Affected packages

Ubuntu:25.10

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.5.2-1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.1-1

4.5.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.5.2-1",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9019.json"

Ubuntu:Pro:16.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@3.4.4-2+deb8u1ubuntu0.1~esm3?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.4-2

3.4.4-2+deb8u1build0.16.04.1

3.4.4-2+deb8u1ubuntu0.1~esm1

3.4.4-2+deb8u1ubuntu0.1~esm2

3.4.4-2+deb8u1ubuntu0.1~esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.4.4-2+deb8u1ubuntu0.1~esm3",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9019.json"

Ubuntu:Pro:18.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.2.6-1ubuntu0.1~esm5?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.6-1

4.2.6-1ubuntu0.1~esm1

4.2.6-1ubuntu0.1~esm2

4.2.6-1ubuntu0.1~esm3

4.2.6-1ubuntu0.1~esm4

4.2.6-1ubuntu0.1~esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.2.6-1ubuntu0.1~esm5",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9019.json"

Ubuntu:Pro:20.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.3.2-1ubuntu0.1~esm3?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.2-1build1

4.3.2-1ubuntu0.1~esm1

4.3.2-1ubuntu0.1~esm2

4.3.2-1ubuntu0.1~esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.3.2-1ubuntu0.1~esm3",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9019.json"

Ubuntu:Pro:22.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.3.4-1ubuntu0.1~esm2?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.3-2

4.3.4-1

4.3.4-1ubuntu0.1~esm1

4.3.4-1ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.3.4-1ubuntu0.1~esm2",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9019.json"

Ubuntu:Pro:24.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.4.4-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.3-1

4.4.4-1

4.4.4-1build1

4.4.4-1build2

4.4.4-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.4.4-1ubuntu0.1~esm1",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9019.json"